Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

White screen after log in [Solved]


  • This topic is locked This topic is locked

#1
dl9796

dl9796

    Member

  • Member
  • PipPipPip
  • 109 posts
Hello,

i believe i am infected with malware. i have a windows 7 pc (home edition). After i log on i get a white screen. Nothing else. If i select ctl-alt-del
i get the options for shut down and task manager. When i select task manager all i get is the white screen. Same happens when i boot into safe mode. If
i select reboot at ctl-alt-delete i briefly see my desktop (all icons are there). i also tried selecting last known good startup.

Any suggestions?

Thanks
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will have some instructions for you shortly.
  • 0

#3
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi dl9796,

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.

Posted Image

[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.[/list]
  • 0

#4
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Here you go - thanks:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 09-02-2013 20:39:45
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-11] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [6489704 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] "C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [995840 2010-02-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-04-05] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [1382984 2011-12-09] (Webroot Software, Inc. )
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] "C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [103864 2012-10-18] ()
HKLM-x32\...\Run: [HP Quick Launch] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Nikon Message Center 2] "C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" -s [571392 2011-10-30] (Nikon Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Owner\...\Run: [HPAdvisorDock] "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [1712184 2010-02-09] ()
HKU\Owner\...\Run: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Owner\...\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [9478320 2012-05-06] (Spotify Ltd)
HKU\Owner\...\Run: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-06] ()
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [98304 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ===================

2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [352248 2012-08-03] (Verizon)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 WebrootSpySweeperService; "C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe" [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
2 WRConsumerService; "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe" [3386840 2011-12-09] (Webroot Software, Inc. )

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
2 ssfmonm; C:\Windows\System32\Drivers\ssfmonm.sys [56408 2011-05-18] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [136224 2011-05-18] (Webroot Software, Inc. (www.webroot.com))

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-09 20:39 - 2013-02-09 20:39 - 00000000 ____D C:\FRST
2013-02-09 17:34 - 2013-02-09 17:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{03AD3004-F4A3-4C77-95A7-BE8657D43385}
2013-02-09 08:04 - 2013-02-09 08:04 - 00000000 ____D C:\Users\All Users\Recovery
2013-02-09 05:21 - 2013-02-09 05:21 - 00000000 __SHD C:\found.000
2013-02-09 05:09 - 2013-02-09 05:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C4155BA-1B0E-4BD1-826A-3C033A8CDD3B}
2013-02-08 12:34 - 2013-02-08 12:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B3912728-A4E9-4EA0-8818-CF9A1ADB8EBD}
2013-02-08 10:37 - 2013-02-08 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{140B749B-E884-4CAD-935E-B669341014FC}
2013-02-08 10:31 - 2013-02-08 10:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{3BA87DA0-0EA5-4470-BA01-41469B791064}
2013-02-08 10:24 - 2013-02-08 10:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{815992F1-4BB3-416C-B69B-EE60C8D16C61}
2013-02-08 10:18 - 2013-02-08 10:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{189FC2C7-4E67-49CF-A1EE-97F6727ADC5A}
2013-02-08 09:18 - 2013-02-08 09:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{C5F32ACB-201D-46CA-841B-B90E25ADB1BA}
2013-02-08 09:12 - 2013-02-08 09:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{D0C1FC50-166B-4D2A-8898-6921354F56AC}
2013-02-08 09:02 - 2013-02-08 09:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C99496B-BA3E-4685-A4BE-D12E887B03F9}
2013-02-08 08:57 - 2013-02-08 08:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{9EE2C90A-ABC6-4B3E-986F-02C57DDA826C}
2013-02-08 08:44 - 2013-02-08 08:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{DEF5C557-5F83-4A46-AAB8-D39A76912323}
2013-02-08 08:33 - 2013-02-08 08:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6DAEEB9-7EC0-43D7-B26B-50EF2DA02169}
2013-02-07 04:52 - 2013-02-07 04:52 - 00000000 ___AH C:\Users\Owner\BITAE5D.tmp
2013-02-06 10:27 - 2013-02-06 10:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{81870F1B-3F0B-44E3-8193-439648D596AE}
2013-01-27 13:49 - 2013-01-27 13:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{576F7D25-A4E2-4CD9-A4A5-E1398AC42943}
2013-01-26 12:22 - 2013-02-09 17:34 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-01-26 12:17 - 2013-01-26 12:17 - 00098304 ____A C:\Users\Owner\wgsdgsdgdsgsd.exe
2013-01-26 06:37 - 2013-01-26 06:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{217CCE34-9334-4334-8471-541982DE1DA3}
2013-01-25 04:14 - 2013-01-25 04:14 - 00000000 ____D C:\Users\All Users\Nikon
2013-01-24 10:02 - 2013-01-24 10:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{A2E2EA30-AAB7-45D7-9A4F-69F4731B606A}
2013-01-22 18:46 - 2013-01-22 18:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Nikon
2013-01-22 18:45 - 2013-01-22 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nikon
2013-01-22 18:41 - 2013-01-22 18:41 - 00002054 ____A C:\Users\Public\Desktop\Panorama Maker 6.lnk
2013-01-22 18:41 - 2013-01-22 18:41 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-01-22 18:39 - 2013-01-22 18:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ArcSoft
2013-01-22 18:37 - 2013-01-22 18:37 - 00000000 ____D C:\Windows\Downloaded Installations
2013-01-22 18:36 - 2013-01-22 18:36 - 00000268 ___RH C:\Users\All Users\Action Clauses
2013-01-22 18:36 - 2013-01-22 18:36 - 00000020 ____H C:\Users\All Users\PKP_DLes.DAT
2013-01-22 18:36 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\External Build System
2013-01-22 18:35 - 2013-01-26 06:46 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
2013-01-22 18:35 - 2013-01-22 18:45 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
2013-01-22 18:35 - 2013-01-22 18:38 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-01-22 18:35 - 2013-01-22 18:37 - 00000000 ____D C:\Program Files\Common Files\Nikon
2013-01-22 18:35 - 2013-01-22 18:35 - 00002049 ____A C:\Users\Public\Desktop\ViewNX 2.lnk
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Abstract
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Alerts
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Action
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Flange Saw
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Electric Piano
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files\Nikon
2013-01-22 18:34 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\Ultima_T15
2013-01-22 18:34 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\EnterNHelp
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Animals
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\All Users\Applications
2013-01-22 18:34 - 2013-01-22 18:34 - 00000020 ____H C:\Users\All Users\PKP_DLeo.DAT
2013-01-22 18:34 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\Nature
2013-01-22 18:30 - 2013-01-22 18:30 - 00000000 ____D C:\Users\Owner\Downloads\Nikon
2013-01-22 14:37 - 2013-01-22 14:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{8C3E7922-3041-4E6C-9076-115CA1F005CC}
2013-01-15 16:25 - 2013-01-21 07:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{C75A3AAC-140E-4304-A6B0-A5376682EEF4}
2013-01-14 19:07 - 2013-01-14 19:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{51127773-87B4-41A4-AE81-485CC593DF27}
2013-01-11 10:40 - 2013-01-13 14:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{2E8ABC73-5E3D-42F4-ABC9-59F3C9868182}

==================== One Month Modified Files and Folders =======

2013-02-09 17:34 - 2013-02-09 17:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{03AD3004-F4A3-4C77-95A7-BE8657D43385}
2013-02-09 17:34 - 2013-01-26 12:22 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-02-09 17:33 - 2012-10-30 16:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-09 17:33 - 2011-02-05 05:51 - 00000000 ____D C:\Users\Owner\Tracing
2013-02-09 17:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-09 17:33 - 2009-07-13 20:51 - 00075241 ____A C:\Windows\setupact.log
2013-02-09 08:04 - 2013-02-09 08:04 - 00000000 ____D C:\Users\All Users\Recovery
2013-02-09 05:21 - 2013-02-09 05:21 - 00000000 __SHD C:\found.000
2013-02-09 05:15 - 2010-10-25 00:40 - 01498335 ____A C:\Windows\WindowsUpdate.log
2013-02-09 05:15 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-09 05:15 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-09 05:09 - 2013-02-09 05:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C4155BA-1B0E-4BD1-826A-3C033A8CDD3B}
2013-02-08 12:42 - 2012-05-30 13:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-08 12:38 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-08 12:34 - 2013-02-08 12:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B3912728-A4E9-4EA0-8818-CF9A1ADB8EBD}
2013-02-08 10:37 - 2013-02-08 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{140B749B-E884-4CAD-935E-B669341014FC}
2013-02-08 10:31 - 2013-02-08 10:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{3BA87DA0-0EA5-4470-BA01-41469B791064}
2013-02-08 10:24 - 2013-02-08 10:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{815992F1-4BB3-416C-B69B-EE60C8D16C61}
2013-02-08 10:23 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-08 10:18 - 2013-02-08 10:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{189FC2C7-4E67-49CF-A1EE-97F6727ADC5A}
2013-02-08 10:16 - 2012-10-30 16:11 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-08 09:18 - 2013-02-08 09:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{C5F32ACB-201D-46CA-841B-B90E25ADB1BA}
2013-02-08 09:12 - 2013-02-08 09:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{D0C1FC50-166B-4D2A-8898-6921354F56AC}
2013-02-08 09:02 - 2013-02-08 09:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C99496B-BA3E-4685-A4BE-D12E887B03F9}
2013-02-08 08:57 - 2013-02-08 08:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{9EE2C90A-ABC6-4B3E-986F-02C57DDA826C}
2013-02-08 08:44 - 2013-02-08 08:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{DEF5C557-5F83-4A46-AAB8-D39A76912323}
2013-02-08 08:33 - 2013-02-08 08:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6DAEEB9-7EC0-43D7-B26B-50EF2DA02169}
2013-02-07 04:52 - 2013-02-07 04:52 - 00000000 ___AH C:\Users\Owner\BITAE5D.tmp
2013-02-07 04:52 - 2011-01-21 15:53 - 00000000 ____D C:\users\Owner
2013-02-06 10:31 - 2011-01-21 16:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2013-02-06 10:27 - 2013-02-06 10:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{81870F1B-3F0B-44E3-8193-439648D596AE}
2013-01-27 13:49 - 2013-01-27 13:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{576F7D25-A4E2-4CD9-A4A5-E1398AC42943}
2013-01-26 12:17 - 2013-01-26 12:17 - 00098304 ____A C:\Users\Owner\wgsdgsdgdsgsd.exe
2013-01-26 06:46 - 2013-01-22 18:35 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
2013-01-26 06:38 - 2013-01-26 06:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{217CCE34-9334-4334-8471-541982DE1DA3}
2013-01-26 06:35 - 2012-03-24 05:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2013-01-25 04:14 - 2013-01-25 04:14 - 00000000 ____D C:\Users\All Users\Nikon
2013-01-24 10:02 - 2013-01-24 10:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{A2E2EA30-AAB7-45D7-9A4F-69F4731B606A}
2013-01-24 10:00 - 2012-08-08 14:06 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-01-22 18:46 - 2013-01-22 18:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Nikon
2013-01-22 18:46 - 2013-01-22 18:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nikon
2013-01-22 18:45 - 2013-01-22 18:35 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
2013-01-22 18:41 - 2013-01-22 18:41 - 00002054 ____A C:\Users\Public\Desktop\Panorama Maker 6.lnk
2013-01-22 18:41 - 2013-01-22 18:41 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-01-22 18:40 - 2010-05-14 16:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-22 18:39 - 2013-01-22 18:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ArcSoft
2013-01-22 18:38 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-01-22 18:38 - 2011-08-27 09:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installations
2013-01-22 18:37 - 2013-01-22 18:37 - 00000000 ____D C:\Windows\Downloaded Installations
2013-01-22 18:37 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files\Common Files\Nikon
2013-01-22 18:36 - 2013-01-22 18:36 - 00000268 ___RH C:\Users\All Users\Action Clauses
2013-01-22 18:36 - 2013-01-22 18:36 - 00000020 ____H C:\Users\All Users\PKP_DLes.DAT
2013-01-22 18:36 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\External Build System
2013-01-22 18:36 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\Ultima_T15
2013-01-22 18:36 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\EnterNHelp
2013-01-22 18:35 - 2013-01-22 18:35 - 00002049 ____A C:\Users\Public\Desktop\ViewNX 2.lnk
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Abstract
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Alerts
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Action
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Flange Saw
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Electric Piano
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files\Nikon
2013-01-22 18:35 - 2011-10-26 03:02 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-01-22 18:35 - 2011-01-26 05:56 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-22 18:35 - 2003-03-18 18:05 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Animals
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\All Users\Applications
2013-01-22 18:34 - 2013-01-22 18:34 - 00000020 ____H C:\Users\All Users\PKP_DLeo.DAT
2013-01-22 18:34 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\Nature
2013-01-22 18:30 - 2013-01-22 18:30 - 00000000 ____D C:\Users\Owner\Downloads\Nikon
2013-01-22 14:37 - 2013-01-22 14:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{8C3E7922-3041-4E6C-9076-115CA1F005CC}
2013-01-21 07:02 - 2013-01-15 16:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{C75A3AAC-140E-4304-A6B0-A5376682EEF4}
2013-01-14 19:08 - 2013-01-14 19:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{51127773-87B4-41A4-AE81-485CC593DF27}
2013-01-13 14:51 - 2013-01-11 10:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{2E8ABC73-5E3D-42F4-ABC9-59F3C9868182}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-21 16:01:38
Restore point made on: 2012-12-22 08:59:23
Restore point made on: 2012-12-26 16:34:18
Restore point made on: 2013-01-01 11:12:16
Restore point made on: 2013-01-05 15:11:01
Restore point made on: 2013-01-08 15:17:25
Restore point made on: 2013-01-08 17:35:41
Restore point made on: 2013-01-15 16:32:07
Restore point made on: 2013-01-19 06:19:37
Restore point made on: 2013-01-22 14:45:32
Restore point made on: 2013-01-22 18:34:29
Restore point made on: 2013-01-22 18:40:48
Restore point made on: 2013-01-25 17:56:49
Restore point made on: 2013-01-26 06:40:49

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3125.86 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3109.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:284.09 GB) (Free:225.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.7 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:3.62 GB) (Free:3.19 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3717 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: FD8DFEE3

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 04DD5721

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3710 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3710 MB Healthy

=========================================================

Last Boot: 2012-11-29 17:28

==================== End Of Log =============================
  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi dl9796,

Please copy the attached fixlist.txt to your flash drive.

Now please enter System Recovery Options again.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

If you computer will now boot, continue below:

Step 2: Run OTL.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Things I need in your next reply:
  • fixlog.txt
  • OTL log
  • Extras log
  • aswMBR log
  • What are the current symptoms of your computer? Are any of your files missing?

Attached Files


  • 0

#6
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hello - i no longer get the white screen after log on. Below are the four logs you requested:

LOG 1
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 09-02-2013 20:39:45
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2281256 2012-01-11] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [6489704 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] "C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [995840 2010-02-05] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [HPWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-04-05] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-03-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [1382984 2011-12-09] (Webroot Software, Inc. )
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKLM-x32\...\Run: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ShopAtHomeWatcher] "C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [103864 2012-10-18] ()
HKLM-x32\...\Run: [HP Quick Launch] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Nikon Message Center 2] "C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" -s [571392 2011-10-30] (Nikon Corporation)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Owner\...\Run: [HPAdvisorDock] "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [1712184 2010-02-09] ()
HKU\Owner\...\Run: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Owner\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Owner\...\Run: [Spotify] "C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [9478320 2012-05-06] (Spotify Ltd)
HKU\Owner\...\Run: [Spotify Web Helper] "C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [932528 2012-05-06] ()
HKU\Owner\...\Winlogon: [Shell] explorer.exe,C:\Users\Owner\AppData\Roaming\skype.dat [98304 2011-11-16] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe (McAfee, Inc.)

==================== Services (Whitelisted) ===================

2 IHA_MessageCenter; "C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" [352248 2012-08-03] (Verizon)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
2 WebrootSpySweeperService; "C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe" [3997912 2011-10-19] (Webroot Software, Inc. (www.webroot.com))
2 WRConsumerService; "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe" [3386840 2011-12-09] (Webroot Software, Inc. )

==================== Drivers (Whitelisted) =====================

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-12-18] (Novatel Wireless Inc.)
3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2009-12-18] (Novatel Wireless Inc.)
2 ssfmonm; C:\Windows\System32\Drivers\ssfmonm.sys [56408 2011-05-18] (Webroot Software, Inc. (www.webroot.com))
0 ssidrv; C:\Windows\System32\Drivers\ssidrv.sys [136224 2011-05-18] (Webroot Software, Inc. (www.webroot.com))

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-09 20:39 - 2013-02-09 20:39 - 00000000 ____D C:\FRST
2013-02-09 17:34 - 2013-02-09 17:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{03AD3004-F4A3-4C77-95A7-BE8657D43385}
2013-02-09 08:04 - 2013-02-09 08:04 - 00000000 ____D C:\Users\All Users\Recovery
2013-02-09 05:21 - 2013-02-09 05:21 - 00000000 __SHD C:\found.000
2013-02-09 05:09 - 2013-02-09 05:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C4155BA-1B0E-4BD1-826A-3C033A8CDD3B}
2013-02-08 12:34 - 2013-02-08 12:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B3912728-A4E9-4EA0-8818-CF9A1ADB8EBD}
2013-02-08 10:37 - 2013-02-08 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{140B749B-E884-4CAD-935E-B669341014FC}
2013-02-08 10:31 - 2013-02-08 10:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{3BA87DA0-0EA5-4470-BA01-41469B791064}
2013-02-08 10:24 - 2013-02-08 10:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{815992F1-4BB3-416C-B69B-EE60C8D16C61}
2013-02-08 10:18 - 2013-02-08 10:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{189FC2C7-4E67-49CF-A1EE-97F6727ADC5A}
2013-02-08 09:18 - 2013-02-08 09:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{C5F32ACB-201D-46CA-841B-B90E25ADB1BA}
2013-02-08 09:12 - 2013-02-08 09:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{D0C1FC50-166B-4D2A-8898-6921354F56AC}
2013-02-08 09:02 - 2013-02-08 09:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C99496B-BA3E-4685-A4BE-D12E887B03F9}
2013-02-08 08:57 - 2013-02-08 08:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{9EE2C90A-ABC6-4B3E-986F-02C57DDA826C}
2013-02-08 08:44 - 2013-02-08 08:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{DEF5C557-5F83-4A46-AAB8-D39A76912323}
2013-02-08 08:33 - 2013-02-08 08:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6DAEEB9-7EC0-43D7-B26B-50EF2DA02169}
2013-02-07 04:52 - 2013-02-07 04:52 - 00000000 ___AH C:\Users\Owner\BITAE5D.tmp
2013-02-06 10:27 - 2013-02-06 10:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{81870F1B-3F0B-44E3-8193-439648D596AE}
2013-01-27 13:49 - 2013-01-27 13:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{576F7D25-A4E2-4CD9-A4A5-E1398AC42943}
2013-01-26 12:22 - 2013-02-09 17:34 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-01-26 12:17 - 2013-01-26 12:17 - 00098304 ____A C:\Users\Owner\wgsdgsdgdsgsd.exe
2013-01-26 06:37 - 2013-01-26 06:38 - 00000000 ____D C:\Users\Owner\AppData\Local\{217CCE34-9334-4334-8471-541982DE1DA3}
2013-01-25 04:14 - 2013-01-25 04:14 - 00000000 ____D C:\Users\All Users\Nikon
2013-01-24 10:02 - 2013-01-24 10:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{A2E2EA30-AAB7-45D7-9A4F-69F4731B606A}
2013-01-22 18:46 - 2013-01-22 18:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Nikon
2013-01-22 18:45 - 2013-01-22 18:46 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nikon
2013-01-22 18:41 - 2013-01-22 18:41 - 00002054 ____A C:\Users\Public\Desktop\Panorama Maker 6.lnk
2013-01-22 18:41 - 2013-01-22 18:41 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-01-22 18:39 - 2013-01-22 18:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ArcSoft
2013-01-22 18:37 - 2013-01-22 18:37 - 00000000 ____D C:\Windows\Downloaded Installations
2013-01-22 18:36 - 2013-01-22 18:36 - 00000268 ___RH C:\Users\All Users\Action Clauses
2013-01-22 18:36 - 2013-01-22 18:36 - 00000020 ____H C:\Users\All Users\PKP_DLes.DAT
2013-01-22 18:36 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\External Build System
2013-01-22 18:35 - 2013-01-26 06:46 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
2013-01-22 18:35 - 2013-01-22 18:45 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
2013-01-22 18:35 - 2013-01-22 18:38 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-01-22 18:35 - 2013-01-22 18:37 - 00000000 ____D C:\Program Files\Common Files\Nikon
2013-01-22 18:35 - 2013-01-22 18:35 - 00002049 ____A C:\Users\Public\Desktop\ViewNX 2.lnk
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Abstract
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Alerts
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Action
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Flange Saw
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Electric Piano
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files\Nikon
2013-01-22 18:34 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\Ultima_T15
2013-01-22 18:34 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\EnterNHelp
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Animals
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\All Users\Applications
2013-01-22 18:34 - 2013-01-22 18:34 - 00000020 ____H C:\Users\All Users\PKP_DLeo.DAT
2013-01-22 18:34 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\Nature
2013-01-22 18:30 - 2013-01-22 18:30 - 00000000 ____D C:\Users\Owner\Downloads\Nikon
2013-01-22 14:37 - 2013-01-22 14:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{8C3E7922-3041-4E6C-9076-115CA1F005CC}
2013-01-15 16:25 - 2013-01-21 07:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{C75A3AAC-140E-4304-A6B0-A5376682EEF4}
2013-01-14 19:07 - 2013-01-14 19:08 - 00000000 ____D C:\Users\Owner\AppData\Local\{51127773-87B4-41A4-AE81-485CC593DF27}
2013-01-11 10:40 - 2013-01-13 14:51 - 00000000 ____D C:\Users\Owner\AppData\Local\{2E8ABC73-5E3D-42F4-ABC9-59F3C9868182}

==================== One Month Modified Files and Folders =======

2013-02-09 17:34 - 2013-02-09 17:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{03AD3004-F4A3-4C77-95A7-BE8657D43385}
2013-02-09 17:34 - 2013-01-26 12:22 - 00000004 ____A C:\Users\Owner\AppData\Roaming\skype.ini
2013-02-09 17:33 - 2012-10-30 16:11 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-09 17:33 - 2011-02-05 05:51 - 00000000 ____D C:\Users\Owner\Tracing
2013-02-09 17:33 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-09 17:33 - 2009-07-13 20:51 - 00075241 ____A C:\Windows\setupact.log
2013-02-09 08:04 - 2013-02-09 08:04 - 00000000 ____D C:\Users\All Users\Recovery
2013-02-09 05:21 - 2013-02-09 05:21 - 00000000 __SHD C:\found.000
2013-02-09 05:15 - 2010-10-25 00:40 - 01498335 ____A C:\Windows\WindowsUpdate.log
2013-02-09 05:15 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-09 05:15 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-09 05:09 - 2013-02-09 05:09 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C4155BA-1B0E-4BD1-826A-3C033A8CDD3B}
2013-02-08 12:42 - 2012-05-30 13:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-08 12:38 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-08 12:34 - 2013-02-08 12:34 - 00000000 ____D C:\Users\Owner\AppData\Local\{B3912728-A4E9-4EA0-8818-CF9A1ADB8EBD}
2013-02-08 10:37 - 2013-02-08 10:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{140B749B-E884-4CAD-935E-B669341014FC}
2013-02-08 10:31 - 2013-02-08 10:31 - 00000000 ____D C:\Users\Owner\AppData\Local\{3BA87DA0-0EA5-4470-BA01-41469B791064}
2013-02-08 10:24 - 2013-02-08 10:24 - 00000000 ____D C:\Users\Owner\AppData\Local\{815992F1-4BB3-416C-B69B-EE60C8D16C61}
2013-02-08 10:23 - 2009-07-13 21:08 - 00032548 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-02-08 10:18 - 2013-02-08 10:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{189FC2C7-4E67-49CF-A1EE-97F6727ADC5A}
2013-02-08 10:16 - 2012-10-30 16:11 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-08 09:18 - 2013-02-08 09:18 - 00000000 ____D C:\Users\Owner\AppData\Local\{C5F32ACB-201D-46CA-841B-B90E25ADB1BA}
2013-02-08 09:12 - 2013-02-08 09:12 - 00000000 ____D C:\Users\Owner\AppData\Local\{D0C1FC50-166B-4D2A-8898-6921354F56AC}
2013-02-08 09:02 - 2013-02-08 09:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{0C99496B-BA3E-4685-A4BE-D12E887B03F9}
2013-02-08 08:57 - 2013-02-08 08:57 - 00000000 ____D C:\Users\Owner\AppData\Local\{9EE2C90A-ABC6-4B3E-986F-02C57DDA826C}
2013-02-08 08:44 - 2013-02-08 08:44 - 00000000 ____D C:\Users\Owner\AppData\Local\{DEF5C557-5F83-4A46-AAB8-D39A76912323}
2013-02-08 08:33 - 2013-02-08 08:33 - 00000000 ____D C:\Users\Owner\AppData\Local\{E6DAEEB9-7EC0-43D7-B26B-50EF2DA02169}
2013-02-07 04:52 - 2013-02-07 04:52 - 00000000 ___AH C:\Users\Owner\BITAE5D.tmp
2013-02-07 04:52 - 2011-01-21 15:53 - 00000000 ____D C:\users\Owner
2013-02-06 10:31 - 2011-01-21 16:03 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HpUpdate
2013-02-06 10:27 - 2013-02-06 10:27 - 00000000 ____D C:\Users\Owner\AppData\Local\{81870F1B-3F0B-44E3-8193-439648D596AE}
2013-01-27 13:49 - 2013-01-27 13:49 - 00000000 ____D C:\Users\Owner\AppData\Local\{576F7D25-A4E2-4CD9-A4A5-E1398AC42943}
2013-01-26 12:17 - 2013-01-26 12:17 - 00098304 ____A C:\Users\Owner\wgsdgsdgdsgsd.exe
2013-01-26 06:46 - 2013-01-22 18:35 - 00000020 ____H C:\Users\All Users\PKP_DLet.DAT
2013-01-26 06:38 - 2013-01-26 06:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{217CCE34-9334-4334-8471-541982DE1DA3}
2013-01-26 06:35 - 2012-03-24 05:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Spotify
2013-01-25 04:14 - 2013-01-25 04:14 - 00000000 ____D C:\Users\All Users\Nikon
2013-01-24 10:02 - 2013-01-24 10:02 - 00000000 ____D C:\Users\Owner\AppData\Local\{A2E2EA30-AAB7-45D7-9A4F-69F4731B606A}
2013-01-24 10:00 - 2012-08-08 14:06 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForOwner.job
2013-01-22 18:46 - 2013-01-22 18:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Nikon
2013-01-22 18:46 - 2013-01-22 18:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Nikon
2013-01-22 18:45 - 2013-01-22 18:35 - 00000020 ____H C:\Users\All Users\PKP_DLev.DAT
2013-01-22 18:41 - 2013-01-22 18:41 - 00002054 ____A C:\Users\Public\Desktop\Panorama Maker 6.lnk
2013-01-22 18:41 - 2013-01-22 18:41 - 00000000 ____D C:\Program Files (x86)\ArcSoft
2013-01-22 18:40 - 2010-05-14 16:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-01-22 18:39 - 2013-01-22 18:39 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ArcSoft
2013-01-22 18:38 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files (x86)\Nikon
2013-01-22 18:38 - 2011-08-27 09:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Downloaded Installations
2013-01-22 18:37 - 2013-01-22 18:37 - 00000000 ____D C:\Windows\Downloaded Installations
2013-01-22 18:37 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files\Common Files\Nikon
2013-01-22 18:36 - 2013-01-22 18:36 - 00000268 ___RH C:\Users\All Users\Action Clauses
2013-01-22 18:36 - 2013-01-22 18:36 - 00000020 ____H C:\Users\All Users\PKP_DLes.DAT
2013-01-22 18:36 - 2013-01-22 18:36 - 00000000 ____D C:\Users\All Users\External Build System
2013-01-22 18:36 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\Ultima_T15
2013-01-22 18:36 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\EnterNHelp
2013-01-22 18:35 - 2013-01-22 18:35 - 00002049 ____A C:\Users\Public\Desktop\ViewNX 2.lnk
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Abstract
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Alerts
2013-01-22 18:35 - 2013-01-22 18:35 - 00000268 ___RH C:\Users\All Users\Action
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Flange Saw
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Users\All Users\Electric Piano
2013-01-22 18:35 - 2013-01-22 18:35 - 00000000 ____D C:\Program Files\Nikon
2013-01-22 18:35 - 2011-10-26 03:02 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-01-22 18:35 - 2011-01-26 05:56 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-01-22 18:35 - 2003-03-18 18:05 - 00106496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ATL71.DLL
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\Owner\AppData\Roaming\Animals
2013-01-22 18:34 - 2013-01-22 18:34 - 00000268 ___RH C:\Users\All Users\Applications
2013-01-22 18:34 - 2013-01-22 18:34 - 00000020 ____H C:\Users\All Users\PKP_DLeo.DAT
2013-01-22 18:34 - 2013-01-22 18:34 - 00000000 ____D C:\Users\All Users\Nature
2013-01-22 18:30 - 2013-01-22 18:30 - 00000000 ____D C:\Users\Owner\Downloads\Nikon
2013-01-22 14:37 - 2013-01-22 14:37 - 00000000 ____D C:\Users\Owner\AppData\Local\{8C3E7922-3041-4E6C-9076-115CA1F005CC}
2013-01-21 07:02 - 2013-01-15 16:25 - 00000000 ____D C:\Users\Owner\AppData\Local\{C75A3AAC-140E-4304-A6B0-A5376682EEF4}
2013-01-14 19:08 - 2013-01-14 19:07 - 00000000 ____D C:\Users\Owner\AppData\Local\{51127773-87B4-41A4-AE81-485CC593DF27}
2013-01-13 14:51 - 2013-01-11 10:40 - 00000000 ____D C:\Users\Owner\AppData\Local\{2E8ABC73-5E3D-42F4-ABC9-59F3C9868182}


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-12-21 16:01:38
Restore point made on: 2012-12-22 08:59:23
Restore point made on: 2012-12-26 16:34:18
Restore point made on: 2013-01-01 11:12:16
Restore point made on: 2013-01-05 15:11:01
Restore point made on: 2013-01-08 15:17:25
Restore point made on: 2013-01-08 17:35:41
Restore point made on: 2013-01-15 16:32:07
Restore point made on: 2013-01-19 06:19:37
Restore point made on: 2013-01-22 14:45:32
Restore point made on: 2013-01-22 18:34:29
Restore point made on: 2013-01-22 18:40:48
Restore point made on: 2013-01-25 17:56:49
Restore point made on: 2013-01-26 06:40:49

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 3834.9 MB
Available physical RAM: 3125.86 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3109.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:284.09 GB) (Free:225.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.7 GB) (Free:1.96 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:3.62 GB) (Free:3.19 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3717 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: FD8DFEE3

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 284 GB 200 MB
Partition 3 Primary 13 GB 284 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 284 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 04DD5721

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3710 MB 31 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 3710 MB Healthy

=========================================================

Last Boot: 2012-11-29 17:28

==================== End Of Log =============================

LOG 2
OTL logfile created on: 2/11/2013 9:03:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 63.67% Memory free
7.49 Gb Paging File | 5.75 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.09 Gb Total Space | 225.27 Gb Free Space | 79.30% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.96 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 87.19 Mb Free Space | 87.78% Space Free | Partition Type: FAT32
Drive G: | 3.62 Gb Total Space | 3.18 Gb Free Space | 87.97% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/11 08:56:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2012/05/06 19:34:13 | 000,932,528 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 14:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/09 19:32:22 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2011/12/09 19:32:19 | 001,382,984 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2011/10/30 15:44:36 | 000,571,392 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe
PRC - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/03 01:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
PRC - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe
PRC - [2009/09/12 22:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009/09/12 22:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/09 20:14:03 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/08 21:01:30 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/08 21:01:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/08 21:01:05 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/08 21:00:53 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/08 21:00:27 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/08 21:00:16 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/08 21:00:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/08 21:00:05 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/08 21:00:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/08 20:59:36 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/28 20:54:03 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2012/05/06 19:34:13 | 000,932,528 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011/12/09 19:32:24 | 002,557,952 | ---- | M] () -- C:\Program Files (x86)\Webroot\Security\Current\Framework\frameworkresources.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 13:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 13:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 13:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/24 15:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/04/05 13:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/03/10 22:29:46 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 12:50:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 18:43:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/03 15:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2012/04/04 14:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/09 19:32:22 | 003,386,840 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2011/10/19 11:22:58 | 003,997,912 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/09/03 01:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/26 18:27:16 | 000,127,984 | ---- | M] (CinemaNow, Inc.) [Auto | Running] -- C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe -- (CinemaNow Service)
SRV - [2010/01/04 13:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 14:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/11 19:37:10 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/18 16:31:32 | 000,136,224 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2011/05/18 16:31:30 | 000,056,408 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2011/02/22 11:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/02/11 12:41:53 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/21 21:51:14 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/03/10 22:39:52 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/10 21:34:06 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/02/22 15:00:12 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/28 13:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/18 11:13:02 | 000,025,600 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys -- (NWUSBCDFIL64)
DRV:64bit: - [2009/12/18 11:13:00 | 000,257,536 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWADIenum.sys -- (NWADI)
DRV:64bit: - [2009/12/18 11:12:58 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV:64bit: - [2009/12/18 11:12:58 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbser.sys -- (NWUSBPort)
DRV:64bit: - [2009/12/18 11:12:58 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV:64bit: - [2009/10/07 22:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 22:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/09/08 17:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/08/23 21:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}
IE:64bit: - HKLM\..\SearchScopes\{B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{EF05627D-9D00-469A-9190-F138C89A12BF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}
IE - HKLM\..\SearchScopes\{B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{EF05627D-9D00-469A-9190-F138C89A12BF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\SearchScopes,DefaultScope = {AF3589E4-2F2A-4587-8D4C-3B7A6A753BE8}
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\SearchScopes\{AF3589E4-2F2A-4587-8D4C-3B7A6A753BE8}: "URL" = http://search.yahoo....chTerms}&fr=chr
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\SearchScopes\{B29A78F7-A0B6-42AA-8D16-637D87B4FB0A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\SearchScopes\{C79E675B-421D-4EA5-BFEA-79F12A4C7350}: "URL" = http://websearch.sho...q={searchTerms}
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\SearchScopes\{EF05627D-9D00-469A-9190-F138C89A12BF}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - homepage:
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/01/03 18:31:44 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2434352869-186315765-158770976-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-2434352869-186315765-158770976-1000..\Run: [Spotify] C:\Users\Owner\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2434352869-186315765-158770976-1000..\Run: [Spotify Web Helper] C:\Users\Owner\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2434352869-186315765-158770976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16:64bit: - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_64.CAB (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C24B09ED-45EE-4500-9AF9-7C1A8F531B29}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{beb73beb-d060-11e0-8d16-643150602381}\Shell - "" = AutoRun
O33 - MountPoints2\{beb73beb-d060-11e0-8d16-643150602381}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O33 - MountPoints2\{beb73c06-d060-11e0-8d16-643150602381}\Shell - "" = AutoRun
O33 - MountPoints2\{beb73c06-d060-11e0-8d16-643150602381}\Shell\AutoRun\command - "" = G:\VZAccess_Manager.exe /z detect
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/11 09:02:30 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/02/11 09:02:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/02/11 08:57:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{887C8869-714A-4543-BE62-FBE56200E31B}
[2013/02/09 23:39:32 | 000,000,000 | ---D | C] -- C:\FRST
[2013/02/09 20:34:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{03AD3004-F4A3-4C77-95A7-BE8657D43385}
[2013/02/09 11:04:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/02/09 08:21:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/02/09 08:09:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0C4155BA-1B0E-4BD1-826A-3C033A8CDD3B}
[2013/02/08 15:42:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/02/08 15:34:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B3912728-A4E9-4EA0-8818-CF9A1ADB8EBD}
[2013/02/08 13:37:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{140B749B-E884-4CAD-935E-B669341014FC}
[2013/02/08 13:31:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3BA87DA0-0EA5-4470-BA01-41469B791064}
[2013/02/08 13:24:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{815992F1-4BB3-416C-B69B-EE60C8D16C61}
[2013/02/08 13:18:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{189FC2C7-4E67-49CF-A1EE-97F6727ADC5A}
[2013/02/08 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C5F32ACB-201D-46CA-841B-B90E25ADB1BA}
[2013/02/08 12:12:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D0C1FC50-166B-4D2A-8898-6921354F56AC}
[2013/02/08 12:02:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0C99496B-BA3E-4685-A4BE-D12E887B03F9}
[2013/02/08 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{9EE2C90A-ABC6-4B3E-986F-02C57DDA826C}
[2013/02/08 11:44:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DEF5C557-5F83-4A46-AAB8-D39A76912323}
[2013/02/08 11:33:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E6DAEEB9-7EC0-43D7-B26B-50EF2DA02169}
[2013/02/06 13:27:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{81870F1B-3F0B-44E3-8193-439648D596AE}
[2013/01/27 16:49:05 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{576F7D25-A4E2-4CD9-A4A5-E1398AC42943}
[2013/01/26 09:37:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{217CCE34-9334-4334-8471-541982DE1DA3}
[2013/01/25 07:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2013/01/24 13:02:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A2E2EA30-AAB7-45D7-9A4F-69F4731B606A}
[2013/01/22 21:46:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Nikon
[2013/01/22 21:45:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Nikon
[2013/01/22 21:41:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Panorama Maker 6
[2013/01/22 21:41:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2013/01/22 21:40:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2013/01/22 21:39:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ArcSoft
[2013/01/22 21:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2013/01/22 21:37:27 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2013/01/22 21:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nikon
[2013/01/22 21:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\External Build System
[2013/01/22 21:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2013/01/22 21:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2013/01/22 21:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nikon
[2013/01/22 21:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2013/01/22 21:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Flange Saw
[2013/01/22 21:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Electric Piano
[2013/01/22 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2013/01/22 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Nature
[2013/01/22 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2013/01/22 21:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
[2013/01/22 17:37:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{8C3E7922-3041-4E6C-9076-115CA1F005CC}
[2013/01/15 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C75A3AAC-140E-4304-A6B0-A5376682EEF4}
[2013/01/14 22:07:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{51127773-87B4-41A4-AE81-485CC593DF27}
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/11 09:06:33 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/11 09:06:33 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/11 09:06:33 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/11 09:04:49 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 09:04:49 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/11 08:57:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/02/11 08:56:38 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/11 08:56:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/11 08:56:20 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/11 08:56:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/02/08 15:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/08 13:16:45 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/26 09:46:56 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2013/01/24 13:00:41 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job
[2013/01/22 21:45:32 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2013/01/22 21:41:17 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Panorama Maker 6.lnk
[2013/01/22 21:36:50 | 000,000,268 | RH-- | M] () -- C:\Users\Owner\AppData\Roaming\vhosts
[2013/01/22 21:36:50 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Action Clauses
[2013/01/22 21:36:50 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2013/01/22 21:35:47 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/01/22 21:35:28 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Alerts
[2013/01/22 21:35:28 | 000,000,268 | RH-- | M] () -- C:\Users\Owner\AppData\Roaming\Abstract
[2013/01/22 21:35:27 | 000,000,268 | RH-- | M] () -- C:\Users\Owner\AppData\Roaming\programs
[2013/01/22 21:35:27 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Action
[2013/01/22 21:35:00 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ATL71.DLL
[2013/01/22 21:34:40 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLeo.DAT
[2013/01/22 21:34:37 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Applications
[2013/01/22 21:34:37 | 000,000,268 | RH-- | M] () -- C:\Users\Owner\AppData\Roaming\Animals
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Users\Owner\Desktop\*.tmp files -> C:\Users\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/22 21:41:17 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Panorama Maker 6.lnk
[2013/01/22 21:36:50 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\vhosts
[2013/01/22 21:36:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action Clauses
[2013/01/22 21:36:50 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2013/01/22 21:35:47 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2013/01/22 21:35:28 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Alerts
[2013/01/22 21:35:28 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Abstract
[2013/01/22 21:35:28 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2013/01/22 21:35:27 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\programs
[2013/01/22 21:35:27 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Action
[2013/01/22 21:35:27 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2013/01/22 21:34:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Applications
[2013/01/22 21:34:37 | 000,000,268 | RH-- | C] () -- C:\Users\Owner\AppData\Roaming\Animals
[2013/01/22 21:34:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLeo.DAT
[2011/04/12 19:28:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

LOG 3
OTL Extras logfile created on: 2/11/2013 9:03:06 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 63.67% Memory free
7.49 Gb Paging File | 5.75 Gb Available in Paging File | 76.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.09 Gb Total Space | 225.27 Gb Free Space | 79.30% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.96 Gb Free Space | 14.34% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 87.19 Mb Free Space | 87.78% Space Free | Partition Type: FAT32
Drive G: | 3.62 Gb Total Space | 3.18 Gb Free Space | 87.97% Space Free | Partition Type: FAT32

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2434352869-186315765-158770976-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1CF4D64D-E374-4A6B-B170-EED9672564BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{22B81D4D-1244-4F76-BAE6-F72A49F95A8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{266B381B-A9B1-4AF8-9F73-393E193D4EEE}" = lport=445 | protocol=6 | dir=in | app=system |
"{28B7B272-94F0-4381-8D62-20EEB4156768}" = rport=139 | protocol=6 | dir=out | app=system |
"{2B98A394-1976-4EE4-A055-3B3E7E736BAA}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{3ADA067C-9226-4344-9100-F9136FA503A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3B1E0C20-3715-41A6-9E5B-F071C5E76F63}" = rport=445 | protocol=6 | dir=out | app=system |
"{47D93DAD-B003-4256-B7DC-CF6E062E30DE}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{50A1EADE-35AE-48AF-9D64-C67D7D4BB252}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54D88428-CFBA-4358-B640-5C4FA56BD3AD}" = rport=137 | protocol=17 | dir=out | app=system |
"{57C9C736-0BF2-4EDE-9985-B2346078F864}" = lport=10243 | protocol=6 | dir=in | app=system |
"{591C5DBA-8858-4787-8A2E-F9E7DC5FCDFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{697E14FE-C620-434A-8916-17CA0A4B7EB5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7A265DED-3135-4E10-8062-B5728320CCAB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8184F41D-C8C2-4439-9EDB-AFC1FC970A93}" = lport=137 | protocol=17 | dir=in | app=system |
"{8A6F86AC-F6DC-4EA4-B13A-A933AC838AF3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{970063DB-F2AD-4E8D-BDC7-B5D340A39F33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F297F9A-6778-4833-8FB3-796C64FCE71D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BB0DE706-6687-49D9-BC99-86068F351900}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{BE64448D-63C5-44E6-9732-3808C149F9BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{C5B46D5F-CE04-4D12-9ABD-DF524C23DEDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0A95EC8-1DC4-4CE7-8246-86155D2DEBA2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{EAA7DEF4-B660-4BD4-B5FF-0C25FAF85C13}" = rport=138 | protocol=17 | dir=out | app=system |
"{EDA4D6CB-7221-416F-B8E7-A747F8AB26F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EDC6DA5D-965A-40F7-B2FB-BADF64C3936A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1E04071-453C-4137-B557-961CA9913E6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{F55F0997-2DF7-4C56-9ADF-28F89BAE50C3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FD2E8AE8-B00D-40AA-B8BD-16D004B2048C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E1C1ED-BD1D-4740-81B3-0AF5B49B4067}" = protocol=1 | dir=out | [email protected],-28544 |
"{1134A451-25A0-4D9B-AC8C-610826CA84D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1318BC8A-FC59-4D0F-B6F5-D16DF10424EC}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{1D0021D9-48A8-4AE7-8451-9DAA5C02D80D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2AD17EB1-A4B8-4E20-9E65-51E1C82CC532}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{340FF172-C25F-4826-BB1C-83E5F73BAE07}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{417CD796-A2FA-40E4-96FD-A2CC810DA27B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{44BBF460-656D-4101-AEEA-6A18E0446F5D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{514D1B32-9225-4E12-9B9A-671D52DECAE1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{60E213F5-8E2D-4E55-9CC4-093231E59715}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{770BE4AD-7F91-4C97-9F7E-DA48252ADA84}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{79796AC0-36AF-4D63-B4C7-34591EAB6758}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7B58B284-2361-4125-84D5-3962C8DF0177}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{7C71456A-9975-4B67-A075-53B102DA9B68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{85D27735-B2AE-4DAF-B7F1-0B0D564E5F27}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{955B0CFA-A073-4E11-A4F8-87C9A6253CDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{973A77B7-09EF-4C29-A386-E568A24260CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9812FC24-D7F9-401D-9E3D-C93C86C32750}" = protocol=1 | dir=in | [email protected],-28543 |
"{9EF6DA97-2890-4AB3-A7EC-24A19B16C70C}" = protocol=58 | dir=out | [email protected],-28546 |
"{A47F738B-524E-4ECE-8F8E-95D7D30D8435}" = protocol=58 | dir=in | [email protected],-28545 |
"{AAD4B5C3-2C35-4557-824A-4C08DA7504F6}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{B75B3921-1B92-4565-A18D-F6AFEC3E1A91}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\cinemanow\cinemanow.exe |
"{BA2F6559-4C0C-4ED5-8EE4-8F4A9BD320B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BE1E6583-6F8A-4DD9-BBA0-227CA97212F6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3A4C10E-442D-4E82-8C88-36A7BEC37954}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D8B80CED-D499-4C32-B232-591D20D25F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe |
"{E1329109-0245-420B-ACE7-81189A2543B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E90DA969-2745-48FE-93BC-63339004E244}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{ECF7B7B7-B3F4-452E-94E6-97DC893365FD}" = protocol=6 | dir=out | app=system |
"{F30B9536-37CB-429D-9764-42C59452666D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1A2E429C-8AEF-459D-BC7B-F90784F21830}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"TCP Query User{29023D16-C164-4473-99E6-965BC65759BF}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"TCP Query User{421DA5C1-B968-4118-A37F-2C030AD83B1A}G:\techwizard.exe" = protocol=6 | dir=in | app=g:\techwizard.exe |
"UDP Query User{170404E1-1212-4179-940E-B3849EC43C80}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{2232554C-43FC-4C5A-A018-161CCE4F1D03}C:\users\owner\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\spotify\spotify.exe |
"UDP Query User{D9BFD5F8-73CD-4B8D-B695-05821DB470D1}G:\techwizard.exe" = protocol=17 | dir=in | app=g:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{11953C65-BB4E-4CA4-B0F0-2600A4B20040}" = Picture Control Utility x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{477EE3A9-4B53-0F22-DB40-277ED46E9E72}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{635BE602-BB9C-4C59-8CC5-93F9366E8A21}" = ViewNX 2
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C3F0426C-175D-39B7-7A14-D6B21952DE5E}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0AD3D4FC-0B19-B2F2-376A-E6BF36BA342B}" = ccc-core-static
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E27900B-E594-DCA9-10DB-C87A8318991C}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java™ 6 Update 37
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{31F4E558-F8A8-170E-BD85-BAD4EE739991}" = CCC Help Hungarian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3A8FE746-19BA-4168-8D01-D45897C7310E}" = VZAccess Manager
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5124C3E2-5BE8-3FFA-F958-CF0C99961566}" = CCC Help Swedish
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53839C74-42E0-72E8-0369-C9713A319A26}" = Catalyst Control Center InstallProxy
"{54F17069-7E87-A85A-9078-6F5B06AF21A3}" = CCC Help German
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{6048D442-6C92-D73C-D248-02C1D4038C3E}" = CCC Help Finnish
"{608A6E25-720C-8171-F887-F7664A23CA0C}" = CCC Help Norwegian
"{60FA1132-0486-41F9-B747-6D308C284D1C}" = Catalyst Control Center - Branding
"{60FAD0EE-2F87-FAEB-FE05-0CDCF8179884}" = CCC Help Thai
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6C122441-1861-4CD7-B1C5-A163A6984E12}" = CinemaNow Media Manager
"{6CAABDBA-F58D-565C-D36E-6D573B1B8E44}" = Catalyst Control Center Graphics Light
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7908E6E5-4BBC-756D-A235-2CFCC142685D}" = CCC Help English
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{834265C4-CDF4-44D3-BD24-31531617EFB8}" = IHA_MessageCenter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{854DDB9E-D488-065B-9FEF-18C159E451AF}" = Catalyst Control Center Graphics Previews Vista
"{85BCA864-BDC8-9299-C6AC-C032301D018C}" = Catalyst Control Center Graphics Full New
"{87553C1A-35F4-142A-AC88-86B663F7F136}" = CCC Help Czech
"{88146D95-5AEC-96BD-3107-A59328CE35BF}" = CCC Help Chinese Traditional
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{8B8797ED-6E75-FEBA-7210-90A2462B5DA7}" = CCC Help Japanese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90C2329F-2EE2-5035-21B8-14F2F240D976}" = CCC Help Turkish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B75E2857-9A0D-EE0D-B332-A05FBECDDB83}" = Catalyst Control Center Graphics Previews Common
"{BA45BD32-4DF8-4BE8-8558-83A0280CEE8E}" = Vz In Home Agent
"{BA8D33B9-40B5-BC33-1F48-C2ADC90ABA95}" = CCC Help Italian
"{BD50BAF8-8DBD-C054-ACAA-EB7300A09B5F}" = CCC Help Korean
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C3CBA627-2962-C9B2-6698-C89658757EB9}" = Catalyst Control Center Localization All
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE8F47D8-1C4D-48F3-F9F3-3D5DFCC75C24}" = Catalyst Control Center Core Implementation
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF4EFF53-CA7D-9479-3E18-AB6253497A95}" = CCC Help Russian
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D19E881A-4A1E-A947-717F-B8DA93AE2EDA}" = CCC Help Chinese Standard
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D89D0D05-670D-D6C5-71DA-7C52F754F75F}" = CCC Help Dutch
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}" = ArcSoft Panorama Maker 6
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2831862-F131-4327-B9CC-FA30F587EB6C}" = HP Setup
"{E3148F44-518B-3232-58CA-77DB808E255F}" = Catalyst Control Center Graphics Full Existing
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EC67E77D-7873-A1B1-17E1-263E10748EEF}" = CCC Help Danish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F220D637-1086-83C2-EA21-25AF1FE47BEC}" = CCC Help Polish
"{F362902D-BC94-4187-8960-3B51F55B2EB0}" = Verizon Wireless USB760 Firmware Updates
"{F4693A78-2E6C-2A26-B833-E13A4A5DACB4}" = CCC Help Greek
"{F6B6A150-08FA-46D5-808A-EB638269551D}" = HP Power Plan Utility
"{FD122F1F-A640-082D-F4CB-F01259A956B6}" = CCC Help Portuguese
"{FDE722A1-1AEF-0641-D5D1-BA4C464BAB4C}" = CCC Help Spanish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"My HP Game Console" = HP Game Console
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"ShopAtHome.com Helper" = ShopAtHome.com Helper
"ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
"Webroot Software" = Webroot Software
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT082122" = Blackhawk Striker 2
"WT082124" = Blasterball 3
"WT082133" = Dora's Carnival Adventure
"WT082141" = FATE
"WT082168" = Penguins!
"WT082170" = Plants vs. Zombies
"WT082171" = Poker Superstars III
"WT082172" = Polar Bowler
"WT082173" = Polar Golfer
"WT082188" = Virtual Families
"WT082189" = Wheel of Fortune 2
"WT082192" = Bejeweled 2 Deluxe
"WT082200" = Chuzzle Deluxe
"WT082241" = Virtual Villagers - The Secret City
"WT082396" = Diner Dash 2 Restaurant Rescue
"WT082438" = Build-a-lot 2
"WT082442" = Faerie Solitaire
"WT082443" = Jewel Quest 3
"WT082456" = Mystery P.I. - The New York Fortune
"WT082463" = Zuma's Revenge
"WT082468" = Jewel Quest Solitaire 2
"WT083477" = Cake Mania
"WT083484" = Escape Rosecliff Island
"WT083491" = TextTwist 2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2434352869-186315765-158770976-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/6/2012 6:49:24 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ce4 Start
Time: 01cdd403b8734636 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 12/6/2012 6:50:16 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16455 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 12c0 Start
Time: 01cdd403dca3b1d9 Termination Time: 63 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 12/9/2012 5:19:48 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x5072b744 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec4aa8e Exception code: 0xc00000fd Fault offset: 0x000000000005327f
Faulting
process id: 0x1620 Faulting application start time: 0x01cdd628872fc79d Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 28bec3fc-4246-11e2-9682-643150602381

Error - 12/9/2012 8:35:44 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16455,
time stamp: 0x507284ba Faulting module name: jscript9.dll, version: 9.0.8112.16455,
time stamp: 0x50728711 Exception code: 0xc0000005 Fault offset: 0x000b90f1 Faulting
process id: 0xefc Faulting application start time: 0x01cdd65ddb63089c Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\jscript9.dll Report Id: 87ace215-4261-11e2-9682-643150602381

Error - 12/12/2012 10:48:35 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Application or service 'HPWMISVC' could not be restarted.

Error - 12/12/2012 2:23:43 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program wfcrun32.exe version 11.2.0.31560 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 9d8 Start
Time: 01cdd87a461f22c7 Termination Time: 16 Application Path: C:\Program Files (x86)\Citrix\ICA
Client\wfcrun32.exe Report Id: 05dc1bdb-4489-11e2-9682-643150602381

Error - 12/17/2012 8:17:22 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McUICnt.exe, version: 2.15.101.0, time
stamp: 0x4a53eca6 Faulting module name: ieframe.dll, version: 9.0.8112.16457, time
stamp: 0x50a2fe39 Exception code: 0xc0000005 Fault offset: 0x000fccc8 Faulting process
id: 0x514 Faulting application start time: 0x01cddcb3fedda65f Faulting application
path: C:\Program Files (x86)\McAfee Security Scan\2.1.121\McUICnt.exe Faulting module
path: C:\Windows\SysWOW64\ieframe.dll Report Id: 4a72ce03-48a8-11e2-9643-643150602381

Error - 12/18/2012 6:35:24 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1640 Start
Time: 01cddcb510d1b9b9 Termination Time: 109 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id: 2f3006a5-4963-11e2-9643-643150602381

Error - 1/1/2013 9:53:55 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e70 Start
Time: 01cde88bcd42ff06 Termination Time: 16 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 1/1/2013 11:16:14 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application name: McUICnt.exe, version: 2.15.101.0, time
stamp: 0x4a53eca6 Faulting module name: ieframe.dll, version: 9.0.8112.16457, time
stamp: 0x50a2fe39 Exception code: 0xc0000005 Fault offset: 0x000fccc8 Faulting process
id: 0x10a0 Faulting application start time: 0x01cde88cfb1de94d Faulting application
path: C:\Program Files (x86)\McAfee Security Scan\2.1.121\McUICnt.exe Faulting module
path: C:\Windows\SysWOW64\ieframe.dll Report Id: c3732b8d-548a-11e2-9ad9-643150602381

[ Hewlett-Packard Events ]
Error - 10/9/2012 9:14:07 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 10/17/2012 8:38:22 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/23/2012 9:30:30 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 10/30/2012 9:10:38 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()

Error - 11/8/2012 9:29:26 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 11/13/2012 10:33:11 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()

Error - 11/21/2012 10:33:19 AM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: TargetSite: Void UpdateAndDetect()

Error - 11/27/2012 10:23:59 PM | Computer Name = Owner-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3834 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()

Error - 11/28/2012 10:03:59 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3834
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


Error - 11/29/2012 9:37:42 PM | Computer Name = Owner-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3834
Ram
Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()


[ HP Wireless Assistant Events ]
Error - 2/6/2013 2:29:20 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 12:29:37 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 12:34:35 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 1:04:18 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 1:20:30 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 2:20:27 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 2:26:05 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 2:33:17 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/8/2013 4:36:23 PM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/9/2013 9:10:23 AM | Computer Name = Owner-PC | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : e_BIOS_INVALID_COMMAND_TYPE

at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData& calibration)

at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

[ System Events ]
Error - 2/9/2013 9:07:10 AM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/9/2013 9:08:40 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 2/9/2013 9:08:39 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 2/9/2013 9:08:39 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 2/9/2013 9:15:43 AM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/9/2013 9:15:49 AM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/9/2013 9:15:51 AM | Computer Name = Owner-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 2/11/2013 9:51:52 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7038
Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService
with the currently configured password due to the following error: %%1352 To ensure
that the service is configured properly, use the Services snap-in in Microsoft
Management Console (MMC).

Error - 2/11/2013 9:51:52 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
due to the following error: %%1069

Error - 2/11/2013 9:51:52 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%1747


< End of report >

LOG 4
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-11 09:32:44
-----------------------------
09:32:44.113 OS Version: Windows x64 6.1.7601 Service Pack 1
09:32:44.113 Number of processors: 2 586 0x603
09:32:44.113 ComputerName: OWNER-PC UserName: Owner
09:32:45.985 Initialize success
09:33:07.439 AVAST engine download error: 0
09:33:11.293 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
09:33:11.293 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 11
09:33:11.324 Disk 0 MBR read successfully
09:33:11.324 Disk 0 MBR scan
09:33:11.324 Disk 0 unknown MBR code
09:33:11.339 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
09:33:11.355 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 290909 MB offset 409600
09:33:11.386 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14032 MB offset 596191232
09:33:11.402 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
09:33:11.433 Disk 0 scanning C:\Windows\system32\drivers
09:33:18.952 Service scanning
09:33:40.246 Modules scanning
09:33:40.262 Disk 0 trace - called modules:
09:33:40.293 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
09:33:40.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042dc060]
09:33:40.324 3 CLASSPNP.SYS[fffff880019b043f] -> nt!IofCallDriver -> [0xfffffa8004265b80]
09:33:40.324 5 amdxata.sys[fffff880011587a8] -> nt!IofCallDriver -> \Device\00000059[0xfffffa8004256060]
09:33:40.340 Scan finished successfully
09:33:53.163 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
09:33:53.179 The log file has been saved successfully to "G:\aswMBR.txt"
  • 0

#7
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Thank you for the logs.

You pasted the wrong log for FRST. I am looking for a log name fixlog.txt that will be located on the flash drive that you used to run FRST.
  • 0

#8
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Sorry - here is the correct log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-11 08:55:23 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ShopAtHomeWatcher Value deleted successfully.
HKEY_USERS\Owner\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell Value deleted successfully.
C:\Users\Owner\AppData\Roaming\ShopAtHome moved successfully.
C:\Users\Owner\AppData\Roaming\skype.dat moved successfully.
C:\Users\Owner\BITAE5D.tmp moved successfully.
C:\Users\Owner\AppData\Roaming\skype.ini moved successfully.
C:\Users\Owner\wgsdgsdgdsgsd.exe moved successfully.

==== End of Fixlog ====
  • 0

#9
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi dl9796,

Step 1: Run OTL fix. Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.
Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKU\S-1-5-21-2434352869-186315765-158770976-1000\..\SearchScopes\{C79E675B-421D-4EA5-BFEA-79F12A4C7350}: "URL" = http://websearch.sho...q={searchTerms}
    O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll File not found
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Owner\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll File not found
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 3: Upload MBR.dat

You should have a file name MBR.dat saved on your 4GB flash drive. Please go to VirusTotal and upload the file for a scan. Please send me a link to the scan results page. (As a note, please be sure in the future to run all programs from you desktop, as this makes it easier for cleanup and organization. aswMBR looks to have been run from your flash drive, and that is why the file is located there.)

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • link to VirusTotal results
  • How is your computer running now? Please let me know any symptoms

  • 0

#10
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hello - logs below - everything seems ok



OTL LOG
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2434352869-186315765-158770976-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C79E675B-421D-4EA5-BFEA-79F12A4C7350}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C79E675B-421D-4EA5-BFEA-79F12A4C7350}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{311B58DC-A4DC-4B04-B1B5-60299AD3D803} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311B58DC-A4DC-4B04-B1B5-60299AD3D803}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 1753417442 bytes
->Temporary Internet Files folder emptied: 584095073 bytes
->Java cache emptied: 247733 bytes
->Google Chrome cache emptied: 7422652 bytes
->Flash cache emptied: 242039 bytes

User: Public

%systemdrive% .tmp files removed: 10560 bytes
%systemroot% .tmp files removed: 710504 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 405392526 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84860 bytes
RecycleBin emptied: 1312494 bytes

Total Files Cleaned = 2,625.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02112013_151850

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BP4GJCKX\15-adwcleaner[1].htm moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\TMP00000094C27970E63B71ABAA not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


ADW LOG

# AdwCleaner v2.112 - Logfile created 02/11/2013 at 15:52:11
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6550 octets] - [11/02/2013 15:50:53]
AdwCleaner[S1].txt - [6647 octets] - [11/02/2013 15:52:11]

########## EOF - C:\AdwCleaner[S1].txt - [6707 octets] ##########


LINK

https://www.virustot...14e2c/analysis/
  • 0

Advertisements


#11
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi dl9796,

You're logs are looking clean. Let's sweep for remnants.

Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please open MBAM
  • Update to the latest definitions.
  • Select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#12
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Hello - Logs attached - all seems well. The ESET scan found two errors but it looks like they were quarantined.

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Webroot AntiVirus with Spy Sweeper
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 39
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Webroot Security current plugins\antimalware\AEI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 7%
````````````````````End of Log``````````````````````


LOG 2
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

2/11/2013 8:02:33 PM
mbam-log-2013-02-11 (20-02-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212709
Time elapsed: 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

LOG3
C:\FRST\Quarantine\skype.dat Win32/LockScreen.APR trojan
C:\FRST\Quarantine\wgsdgsdgdsgsd.exe Win32/LockScreen.APR trojan
  • 0

#13
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, dl9796 :). Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

Don't forget to re-enable you anti-virus protection (Webroot).

Please update these programs, as old versions pose a security risk.
  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

    If you do need java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:
    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs, removal tools, or quarantine folders left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disc Cleanup and select run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click onAll Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#14
dl9796

dl9796

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Thanks for all your help
  • 0

#15
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
You're welcome. :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP