FBI moneypack malware [Solved]



#1
x_LUIS_X

  • 131 posts
I just have a question: my PC was infected with this FBI moneypack malware a month ago and I did a system recovery a few hours ago. Will this solve the problem and erase the malware?

thanks in advance for your time...
  • 0



#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello x_LUIS_X and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

The best way is to check your system. Let's run a few steps.

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
  • 0
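
A first triage pass over the OTL.Txt log requested in Step 1 can be scripted. This is an added example, not part of the original thread and not OTL's own code: it parses the PRC/MOD/SRV/DRV line format OTL writes and flags entries with no company name or a path in a user-writable location. The sample log lines are constructed, and the function names and the two heuristics are assumptions chosen for illustration.

```python
import re
from typing import NamedTuple, Optional

# OTL file-entry lines have this shape (service/driver lines add the bracketed
# start/state flags and a trailing service name):
#   PRC - [date time | size | attrs | M] (Company) -- C:\path\file.exe
#   SRV:64bit: - [date time | size | attrs | M] (Company) [Auto | Running] -- C:\path -- (Name)
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)?\s+-\s+"
    r"\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+)\|\s*\w\]\s+"
    r"\((?P<company>[^)]*)\)\s+"
    r"(?:\[(?P<flags>[^\]]+)\]\s+)?"
    r"--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<service>.*)\))?$"
)

# Assumption: directories a standard user can usually write to, so a binary
# running from there deserves a closer look than one under Program Files.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


class Entry(NamedTuple):
    kind: str               # PRC, MOD, SRV or DRV
    company: str            # version-info company name, "" when absent
    flags: tuple            # e.g. ("Auto", "Running") for services
    path: str
    service: Optional[str]  # service/driver name, None for PRC/MOD lines


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an OTL file line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = tuple(f.strip() for f in (m["flags"] or "").split("|") if f.strip())
    return Entry(m["kind"], m["company"].strip(), flags,
                 m["path"].strip(), m["service"])


def reasons(entry: Entry) -> list:
    """List the heuristics an entry trips (empty list means nothing flagged)."""
    out = []
    if not entry.company:
        out.append("no company name")
    if any(p in entry.path.lower() for p in USER_WRITABLE):
        out.append("user-writable path")
    return out


def triage(log_text: str) -> list:
    """Return (Entry, reasons) pairs, entries with the most reasons first."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, registry lines, blank lines
        hit = reasons(entry)
        if hit:
            findings.append((entry, hit))
    # Services and drivers sort ahead of processes when the reason count ties.
    findings.sort(key=lambda f: (-len(f[1]), f[0].kind not in ("SRV", "DRV")))
    return findings


# Constructed sample in OTL's format; vendors, paths and services are made up.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/05/18 14:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
PRC - [2013/01/04 15:21:22 | 000,404,712 | ---- | M] (Example Vendor) -- C:\Program Files (x86)\Example Vendor\tool.exe
========== Services (SafeList) ==========
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Example Vendor) [Auto | Running] -- C:\Program Files\Example Vendor\svc.exe -- (ExampleSvc)
SRV - [2013/05/10 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\ProgramData\updater\upd.exe -- (UpdSvc)
DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Example Vendor) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\example.sys -- (example)
"""

if __name__ == "__main__":
    for entry, hit in triage(SAMPLE_LOG):
        name = entry.service or "-"
        print(f"{entry.kind:3} {name:10} {entry.path}  <- {', '.join(hit)}")
```

A flagged line is a lead for manual review, not a verdict: the scanner's own executable on the Desktop trips the path heuristic too.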

#3
x_LUIS_X

  • Topic Starter
  • 131 posts
Hi maliprog, thank you for your help and time. Here are the logs you requested.

OTL

OTL logfile created on: 5/18/2013 2:42:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Desktop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.47% Memory free
16.00 Gb Paging File | 14.05 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.86 Gb Total Space | 1286.75 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.64 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-HP | User Name: Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/18 14:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
PRC - [2013/05/15 00:09:04 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/01/04 15:21:22 | 000,404,712 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2010/09/28 13:59:06 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/20 19:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/12/09 19:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2010/09/28 14:10:14 | 001,699,384 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/09/28 13:59:20 | 012,286,008 | ---- | M] () -- C:\Users\Desktop\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/04/26 05:50:18 | 000,237,056 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 21:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/16 03:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/02/10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/08/20 19:57:28 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\Hp\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/31 19:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 19:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/06 09:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/26 07:47:20 | 011,172,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/26 04:32:46 | 000,339,456 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/21 18:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/24 09:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/03/10 09:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/12/22 03:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 9F 9D 86 AD CC CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{89EDC2F1-F4A2-4738-9F00-9D9B40E1D7C2}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/15 00:09:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/15 00:09:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72FE20F2-D41B-4944-B5AD-86E29B8C574A}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/18 14:33:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2013/05/17 19:43:52 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\HP MediaSmart Video
[2013/05/17 19:36:40 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\PeaZip
[2013/05/17 19:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/05/17 19:34:27 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/05/17 19:32:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/05/17 19:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
[2013/05/17 19:32:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PeaZip
[2013/05/16 09:14:21 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\CyberLink
[2013/05/16 09:14:16 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\CyberLink
[2013/05/16 09:14:15 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\PowerCinema
[2013/05/16 00:15:06 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\MigWiz
[2013/05/15 23:39:55 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\WinPatrol
[2013/05/15 23:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2013/05/15 23:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/05/15 23:39:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2013/05/15 23:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/05/15 23:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/15 23:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/05/15 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/05/15 23:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013/05/15 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Importants Documents
[2013/05/15 18:49:58 | 000,000,000 | ---D | C] -- C:\Users\Desktop\Documents\New
[2013/05/15 18:49:09 | 000,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Documents
[2013/05/15 18:48:52 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Documents\Favorites
[2013/05/15 18:33:58 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\HpUpdate
[2013/05/15 18:02:47 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/15 18:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2013/05/15 17:59:42 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/05/15 17:59:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013/05/15 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\OpenCandy
[2013/05/15 17:58:25 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\DVDVideoSoft
[2013/05/15 17:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013/05/15 17:58:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/15 17:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/05/15 17:34:38 | 000,000,000 | ---D | C] -- C:\Users\Desktop\Documents\Apps
[2013/05/15 17:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2013/05/15 17:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2013/05/15 17:26:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8 Qt
[2013/05/15 17:08:49 | 000,000,000 | ---D | C] -- C:\Users\Desktop\Documents\DVDFab
[2013/05/15 17:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8
[2013/05/15 17:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8
[2013/05/15 00:19:56 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\CrashDumps
[2013/05/15 00:09:53 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\RealNetworks
[2013/05/15 00:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/05/15 00:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/05/15 00:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/05/15 00:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/05/15 00:09:05 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/05/15 00:09:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/05/15 00:08:40 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Real
[2013/05/15 00:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/05/14 23:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/05/14 23:19:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/05/14 23:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/05/14 23:18:32 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/05/14 23:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/05/14 22:27:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/05/14 22:27:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/05/14 22:21:34 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013/05/14 22:20:56 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013/05/14 21:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/05/14 21:52:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/14 21:52:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/14 20:01:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/05/14 20:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/05/14 19:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/14 19:10:36 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Hewlett-Packard
[2013/05/14 19:10:31 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Hewlett-Packard
[2013/05/14 19:10:17 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Hewlett-Packard_Company
[2013/05/14 19:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\User Guides
[2013/05/14 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/05/14 19:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\AppData\Local\Temporary Internet Files
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Templates
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Start Menu
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\SendTo
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Recent
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\PrintHood
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\NetHood
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Documents\My Videos
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Documents\My Pictures
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Documents\My Music
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\My Documents
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Local Settings
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\AppData\Local\History
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Cookies
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\Application Data
[2013/05/14 19:09:46 | 000,000,000 | -HSD | C] -- C:\Users\Desktop\AppData\Local\Application Data
[2013/05/14 19:09:41 | 000,000,000 | --SD | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Videos
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Saved Games
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Pictures
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Music
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Links
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Favorites
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Downloads
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Documents
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Desktop
[2013/05/14 19:09:41 | 000,000,000 | R--D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/14 19:09:41 | 000,000,000 | -H-D | C] -- C:\Users\Desktop\AppData
[2013/05/14 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Temp
[2013/05/14 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\Microsoft
[2013/05/14 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Media Center Programs
[2013/05/14 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Macromedia
[2013/05/14 19:09:41 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\HuluDesktop
[2013/05/14 18:22:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/14 18:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/14 18:20:05 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Adobe
[2013/05/14 18:18:40 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\ATI
[2013/05/14 18:18:40 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\ATI
[2013/05/14 18:18:37 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\PictureMover
[2013/05/14 18:17:38 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\PDFC
[2013/05/14 18:17:27 | 000,000,000 | R--D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/14 18:17:27 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Searches
[2013/05/14 18:17:27 | 000,000,000 | R--D | C] -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/14 18:17:27 | 000,000,000 | -H-D | C] -- C:\Users\Desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/14 18:17:20 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Roaming\Identities
[2013/05/14 18:17:19 | 000,000,000 | R--D | C] -- C:\Users\Desktop\Contacts
[2013/05/14 18:17:18 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\VirtualStore
[2013/05/14 18:16:54 | 000,000,000 | ---D | C] -- C:\Users\Desktop\AppData\Local\RemEngine
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/18 14:36:42 | 000,377,856 | ---- | M] () -- C:\ui0gcx3x.exe
[2013/05/18 14:33:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Desktop\Desktop\OTL.exe
[2013/05/18 14:16:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 19:34:27 | 000,001,270 | ---- | M] () -- C:\Users\Desktop\Desktop\Revo Uninstaller.lnk
[2013/05/17 19:32:34 | 000,000,985 | ---- | M] () -- C:\Users\Desktop\Desktop\PeaZip.lnk
[2013/05/17 14:54:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 14:54:03 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 14:51:38 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 14:51:38 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/17 14:51:38 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/17 14:46:22 | 2146,918,399 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/16 07:42:08 | 000,279,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/15 18:02:47 | 000,001,013 | ---- | M] () -- C:\Users\Desktop\Desktop\CCleaner.lnk
[2013/05/15 17:59:39 | 000,001,245 | ---- | M] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/05/15 17:26:47 | 000,001,059 | ---- | M] () -- C:\Users\Desktop\Desktop\DVDFab Profile Editor.lnk
[2013/05/15 17:26:47 | 000,001,022 | ---- | M] () -- C:\Users\Desktop\Desktop\DVDFab 8 Qt.lnk
[2013/05/15 17:08:47 | 000,001,001 | ---- | M] () -- C:\Users\Desktop\Desktop\DVDFab 8.lnk
[2013/05/15 00:09:30 | 000,001,270 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/05/15 00:09:05 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/05/14 23:20:51 | 000,173,324 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/05/14 23:04:27 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/14 23:04:26 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/14 21:47:00 | 000,001,443 | ---- | M] () -- C:\Users\Desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/14 20:08:53 | 000,039,219 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/14 20:08:53 | 000,039,219 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/05/14 19:10:02 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_53316J G D_HPE-500f_Y53316J G D_0U_Q4CE051_ECC10121502 DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M8192_J1500_7AMD_8FA0_92.70_#110218_N10EC8136;18143090_(BV535AA#ABA)_X_CD3_Z_2_G10026779.MRK
[2013/05/14 19:10:02 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_53316J G D_HPE-500f_Y53316J G D_0U_Q4CE051_ECC10121502 DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M8192_J1500_7AMD_8FA0_92.70_#110218_N10EC8136;18143090_(BV535AA#ABA)_X_CD3_Z_2_G10026779.MRK
[2013/05/14 18:23:22 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/18 14:36:41 | 000,377,856 | ---- | C] () -- C:\ui0gcx3x.exe
[2013/05/17 19:34:27 | 000,001,270 | ---- | C] () -- C:\Users\Desktop\Desktop\Revo Uninstaller.lnk
[2013/05/17 19:32:34 | 000,000,985 | ---- | C] () -- C:\Users\Desktop\Desktop\PeaZip.lnk
[2013/05/15 18:02:47 | 000,001,013 | ---- | C] () -- C:\Users\Desktop\Desktop\CCleaner.lnk
[2013/05/15 17:59:39 | 000,001,245 | ---- | C] () -- C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
[2013/05/15 17:40:32 | 000,002,543 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[2013/05/15 17:26:47 | 000,001,059 | ---- | C] () -- C:\Users\Desktop\Desktop\DVDFab Profile Editor.lnk
[2013/05/15 17:26:47 | 000,001,022 | ---- | C] () -- C:\Users\Desktop\Desktop\DVDFab 8 Qt.lnk
[2013/05/15 17:08:47 | 000,001,001 | ---- | C] () -- C:\Users\Desktop\Desktop\DVDFab 8.lnk
[2013/05/15 00:09:30 | 000,001,270 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/05/14 23:17:53 | 000,173,324 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/05/14 23:17:53 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/05/14 23:04:27 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/14 23:04:26 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/14 22:23:27 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013/05/14 22:20:38 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013/05/14 22:20:15 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013/05/14 22:20:15 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013/05/14 22:20:05 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013/05/14 20:01:44 | 2146,918,399 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/14 19:37:30 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/14 19:13:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/14 19:10:20 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2013/05/14 19:10:20 | 000,002,272 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/05/14 19:10:20 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/05/14 19:10:09 | 000,001,787 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warranty.lnk
[2013/05/14 19:10:02 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_53316J G D_HPE-500f_Y53316J G D_0U_Q4CE051_ECC10121502 DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M8192_J1500_7AMD_8FA0_92.70_#110218_N10EC8136;18143090_(BV535AA#ABA)_X_CD3_Z_2_G10026779.MRK
[2013/05/14 19:10:02 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_53316J G D_HPE-500f_Y53316J G D_0U_Q4CE051_ECC10121502 DPS_4A_I2AB1_SFOXCONN_V1.00_6.04_T100907_WU3-0_L409_M8192_J1500_7AMD_8FA0_92.70_#110218_N10EC8136;18143090_(BV535AA#ABA)_X_CD3_Z_2_G10026779.MRK
[2013/05/14 19:09:41 | 000,001,974 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
[2013/05/14 19:09:41 | 000,000,290 | ---- | C] () -- C:\Users\Desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/14 19:09:41 | 000,000,272 | ---- | C] () -- C:\Users\Desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/14 18:23:22 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/05/14 18:23:06 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/14 18:20:01 | 000,001,443 | ---- | C] () -- C:\Users\Desktop\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/14 18:17:28 | 000,001,419 | ---- | C] () -- C:\Users\Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/04/26 04:52:40 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/04/26 04:52:40 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/09/12 23:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 23:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/15 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DVDVideoSoft
[2013/05/15 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\DVDVideoSoftIEHelpers
[2013/05/17 19:32:24 | 000,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\OpenCandy
[2013/05/17 19:37:35 | 000,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\PeaZip
[2013/05/14 18:18:38 | 000,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\PictureMover
[2013/05/16 07:42:33 | 000,000,000 | ---D | M] -- C:\Users\Desktop\AppData\Roaming\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2013/05/18 14:36:42 | 000,377,856 | ---- | M] () -- C:\ui0gcx3x.exe

< MD5 for: EXPLORER.EXE >
[2010/12/15 12:00:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 00:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 19:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 23:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/12/15 12:02:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 23:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/12/15 12:00:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/12/15 11:58:44 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/12/15 12:02:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/12/15 11:58:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/12/15 12:02:03 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/12/15 11:58:44 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 19:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/12/15 12:02:03 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/12/15 12:00:15 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 00:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/12/15 11:58:44 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/12/15 12:00:15 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 19:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 19:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 19:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/12/15 12:02:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/15 12:02:03 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

#4
x_LUIS_X

    Member

  • Topic Starter
  • Member
  • 131 posts
OTL Extras

OTL Extras logfile created on: 5/18/2013 2:42:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Desktop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.52 Gb Available Physical Memory | 81.47% Memory free
16.00 Gb Paging File | 14.05 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1383.86 Gb Total Space | 1286.75 Gb Free Space | 92.98% Space Free | Partition Type: NTFS
Drive D: | 13.31 Gb Total Space | 1.64 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: DESKTOP-HP | User Name: Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PeaZip] -- Reg Error: Value error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05D00BF1-BB37-4B22-868D-B6037D423478}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31B22E73-28A8-49AA-ADB4-67E9FCBB3408}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3479770D-E6AC-4A18-8180-FDE441F3C772}" = lport=138 | protocol=17 | dir=in | app=system |
"{35EEEA22-8391-45D7-9E98-40D3DF7FF917}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3BE7225F-67D2-4D64-95D8-F664391074D6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3D0873B7-C9F8-4997-A66B-247C2D05A34A}" = rport=137 | protocol=17 | dir=out | app=system |
"{512C324D-93DB-49E6-A1EF-68DF3D88C154}" = lport=139 | protocol=6 | dir=in | app=system |
"{5DFA2A27-A84F-4AC2-81BB-BDEC4E2B39C3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{63268EC6-1797-4A4B-A97E-874A587230FF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73ED960E-9A8F-4FFC-A03B-3B30AAB2A1A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7EF72D44-383C-429E-980B-3FDCAB1D0C50}" = lport=7000 | protocol=6 | dir=in | name=windows easy transfer tcp port |
"{8578B1EB-1082-4060-B15D-1A0D96DA7973}" = rport=139 | protocol=6 | dir=out | app=system |
"{8B63C149-2A1C-444E-8039-46278E204085}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A9A6ECC-B72B-4392-9CB9-77FCC212EAB1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A53060DA-E595-4BE0-B350-85CFAC020406}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9060C52-C9E2-4D4F-A580-A5C95B5185C6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{ADFDA0FC-1655-477D-8B9B-C6FE27307AFF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF268598-8FC4-4414-B8AA-2D16D98007FD}" = lport=7000 | protocol=17 | dir=in | name=windows easy transfer udp port |
"{B10342D8-526B-46CF-9B1D-7548BBD1A381}" = lport=137 | protocol=17 | dir=in | app=system |
"{D0B30522-EA21-4010-990E-D48138EFBD2A}" = rport=138 | protocol=17 | dir=out | app=system |
"{D842DDEE-83C9-4172-8303-ADBF1E29BFA3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D8511C6E-EB16-4770-8E22-C5CAB9E8EBFF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EC4EBDB3-02C3-453A-A792-A46C509172A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F08B98B9-A44D-4C0A-BACC-C7D09E74510D}" = rport=445 | protocol=6 | dir=out | app=system |
"{F812F8FB-D2AA-4E65-9C29-9F9E0C423141}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0959A843-1784-43F2-9946-E8FE79528315}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1425FA10-143A-4583-AF7C-6D17747E5CD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{15D568CA-CBD4-4C5E-8766-6F103A0334C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{21DB0346-D1F9-4FA6-B2CB-767A890ED4D8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{23C2B56A-476B-4CD6-B9BA-5300E94D57D8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{2531ECD7-9689-4712-8403-F5A83ADE8B61}" = protocol=6 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{280A091A-2F8E-472B-A2E9-4CAD212BC3CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{340D9D66-587F-47AC-BE16-881271B377E3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{3C7C0377-63CD-4B02-B702-7500FB8DCD92}" = protocol=6 | dir=out | app=system |
"{3FB3A7B9-29EC-44FD-AF6E-B87B79347525}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44A80C47-4E6E-4286-97C9-D38D0EE8E89F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D449D28-E099-4E79-99E1-48EF804BCD56}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{573E4390-D5BD-4C36-9BB4-319E203117FF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5C96C06E-F65F-43E5-9B5B-CCA504221E79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A32A921-201B-4919-BFC5-54A5B2BFC858}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe |
"{6F0F1ABF-5455-40EB-8799-300A0CA339CD}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{70590316-1931-4C44-8E35-1AA5240D89F2}" = protocol=17 | dir=in | app=c:\windows\system32\migwiz\migwiz.exe |
"{72CF4D27-42B1-42AB-94CE-E4410EEF3024}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe |
"{88226265-7048-4EE3-AE0D-C31AF7B2EB54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{893BAE12-252A-4F5A-AA8D-3827F9318B35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{97F2547F-8671-408B-B6F2-64A559AAF54D}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{A131C6A8-3B5F-44FD-88FB-6362F01B9C85}" = protocol=1 | dir=in | [email protected],-28543 |
"{A19095FB-4B97-4ED4-B0E0-309AE471086A}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{A2985BEB-3A5B-4558-9E85-B68A16890647}" = protocol=58 | dir=out | [email protected],-28546 |
"{A3A3A5BE-B6C0-4772-BCBD-E3C23CB70277}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A486AAB1-BB92-4311-AE80-A8DD7996B141}" = protocol=58 | dir=in | [email protected],-28545 |
"{A94BE5B2-167E-4C04-9CD8-6B9E2A5DA12B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{AD0B2F84-AA34-4219-9DA4-4230579B7022}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{AD4C159A-8F90-4AEC-B1F9-CE1F809D3FE5}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe |
"{AF284D7C-E110-408C-9B8C-6BBD0E6CB1F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B1913046-7A9D-45C5-BD49-BE9E4DF804B0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C05029E9-50A2-4A1B-95C0-839815125004}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{CA137E4C-0982-4548-81C6-DC859DAD4776}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CAD4148C-7C76-4AD6-B810-C6E9F74D86BA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{CB4037A5-DAB5-453D-8913-FF3CCA82EEBE}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"{D8FC9049-BCDF-4219-9F21-6B0DEEB127C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E97DFF80-F395-498F-A68E-8121095CC81F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EAA37A0B-B7C5-4AE7-91DD-FB332A151CE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EDF9436E-B524-4CB5-A633-09F5D08EA221}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{FA26AA43-B36E-4156-B062-2917B63CB574}" = protocol=1 | dir=out | [email protected],-28544 |
"{FB86D491-0719-430C-82D1-C977DE8CDFD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}" = HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3001791D-2CA6-6FE3-BE0F-8EA7522B32D4}" = ATI Catalyst Install Manager
"{3184267F-B0D9-0657-D705-0C700B481A18}" = ccc-utility64
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{80C27FE9-C6C4-F5C8-EAD3-09E7E0102E78}" = ATI Stream SDK v2 Developer
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E59637F-DA32-E400-92F6-3E84DB1DFB8D}" = CCC Help Portuguese
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{13FED2DC-8185-351F-72B2-C1CAB3A8860B}" = CCC Help Turkish
"{1826A2E3-22EE-ACC6-BB3A-80EEFF23167A}" = CCC Help Danish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A66A9AD-7BC1-8E9C-25EE-A5C2B07FA59E}" = CCC Help Finnish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28CD5009-54CA-ED14-6A17-47803585FF5F}" = Catalyst Control Center Localization All
"{28D1AF2F-9574-DABC-BA08-72F3356960D2}" = CCC Help Polish
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A41AD80-C9C8-3CD0-2BEA-05731A9483DF}" = ccc-core-static
"{2C9CA30C-E2B7-0D3A-291D-4808973E6F8C}" = CCC Help Italian
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{2F4C493B-28D8-5054-13E9-91F05903887B}" = CCC Help Dutch
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{38069E07-617C-8074-4F67-BAFFFBB7E7FA}" = CCC Help Spanish
"{3D4C2961-3353-4C56-B0B8-82AC1923695F}" = Catalyst Control Center - Branding
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{49DA021B-1C01-36D0-ABDF-3B9BED567EED}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDC0530-445B-47F2-36A0-758DE8903B44}" = CCC Help German
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{5208F7DB-9DAA-E5CA-EEC3-1B004D66A8EB}" = CCC Help Chinese Standard
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{58F095F8-3F66-528A-0BF6-DF1A7B304EC0}" = CCC Help Korean
"{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 4.9.2
"{5E38ABC5-71C2-04D8-62F0-C44B53E7DED8}" = Catalyst Control Center Graphics Previews Vista
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{751D221F-7C37-C83F-1973-A1F92A0F4DF6}" = HydraVision
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{85498904-0748-45AA-9482-6DB8EA971B91}" = DJ_AIO_06_F4500_SW_MIN
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{913E7600-FA3A-B125-1EA6-391D59C258F6}" = CCC Help Czech
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{959DFE5E-B55F-4A0A-9E71-2970C98C3164}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEDD629-A40E-5EB1-2E70-E84DDE915C16}" = CCC Help Norwegian
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEDDD2D4-0BE7-71D9-2091-9F8AA4A4806D}" = Catalyst Control Center InstallProxy
"{B1A4A13D-4665-4ED3-9DFE-F845725FBBD8}" = HP Support Assistant
"{B31D9B68-A844-191A-C652-4EA715A8CD92}" = CCC Help French
"{B3435D6A-B061-D8E5-C9AD-2D63C823C50C}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{BE05B1E6-3C47-32DC-113B-7DB85FD6BE75}" = CCC Help Hungarian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6FD5FE2-3635-0C15-6D3C-95FCAA51A3CE}" = CCC Help Greek
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D9742D19-38EE-B2BE-5902-44130C4008FA}" = CCC Help Japanese
"{DBF625A1-9F84-1533-E08E-D1EBBE5001DD}" = Catalyst Control Center Graphics Previews Common
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6E96CA-AD23-BBD7-4304-B6D4EA0F1933}" = CCC Help Thai
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E141B1E0-BA8A-750F-4106-FC6AAB8950E0}" = CCC Help English
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe AIR" = Adobe AIR
"CCleaner" = CCleaner
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.8 (26/02/2013) Qt
"DVDFab 8_is1" = DVDFab 8.0.6.8 (05/01/2011)
"Free Studio_is1" = Free Studio version 2013
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kobo" = Kobo
"My HP Game Console" = HP Game Console
"PDF Complete" = PDF Complete Special Edition
"RealPlayer 16.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.94
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/14/2013 9:06:44 PM | Computer Name = Desktop-HP | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.2.223.0, time stamp:
0x51023a8b Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp:
0x4a5bdfbe Exception code: 0xc0000005 Fault offset: 0x0000000000003f2a Faulting process
id: 0x36c Faulting application start time: 0x01ce510288431208 Faulting application
path: c:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
C:\Windows\system32\msvcrt.dll Report Id: b4e9143e-bcfb-11e2-bff5-64315045182c

Error - 5/14/2013 9:06:50 PM | Computer Name = Desktop-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 5/14/2013 9:07:29 PM | Computer Name = Desktop-HP | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.2.223.0, time stamp:
0x51023a8b Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp:
0x4a5bdfbe Exception code: 0xc0000005 Fault offset: 0x0000000000003f2a Faulting process
id: 0x3ac Faulting application start time: 0x01ce510885ce95a8 Faulting application
path: c:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
C:\Windows\system32\msvcrt.dll Report Id: cfb7b36e-bcfb-11e2-bff5-64315045182c

Error - 5/14/2013 9:07:33 PM | Computer Name = Desktop-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 5/14/2013 9:29:57 PM | Computer Name = Desktop-HP | Source = Application Error | ID = 1000
Description = Faulting application name: MsMpEng.exe, version: 4.2.223.0, time stamp:
0x51023a8b Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp:
0x4a5bdfbe Exception code: 0xc0000005 Fault offset: 0x0000000000003f2a Faulting process
id: 0x127c Faulting application start time: 0x01ce51089e42f8b3 Faulting application
path: c:\Program Files\Microsoft Security Client\MsMpEng.exe Faulting module path:
C:\Windows\system32\msvcrt.dll Report Id: f315fc5e-bcfe-11e2-bff5-64315045182c

Error - 5/14/2013 9:31:14 PM | Computer Name = Desktop-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 5/14/2013 9:42:32 PM | Computer Name = Desktop-HP | Source = MsiInstaller | ID = 11935
Description =

Error - 5/14/2013 9:56:16 PM | Computer Name = Desktop-HP | Source = MsiInstaller | ID = 11935
Description =

[ System Events ]
Error - 5/15/2013 12:40:13 AM | Computer Name = Desktop-HP | Source = DCOM | ID = 10010
Description =

Error - 5/15/2013 12:51:59 AM | Computer Name = Desktop-HP | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 5/15/2013 12:51:59 AM | Computer Name = Desktop-HP | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 5/15/2013 12:51:59 AM | Computer Name = Desktop-HP | Source = WMPNetworkSvc | ID = 866321
Description =

Error - 5/15/2013 12:51:59 AM | Computer Name = Desktop-HP | Source = WMPNetworkSvc | ID = 866317
Description =

Error - 5/15/2013 7:05:39 PM | Computer Name = Desktop-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/15/2013 7:05:39 PM | Computer Name = Desktop-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/15/2013 7:05:40 PM | Computer Name = Desktop-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/15/2013 7:05:40 PM | Computer Name = Desktop-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 5/15/2013 7:05:41 PM | Computer Name = Desktop-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.


< End of report >

#5
x_LUIS_X

    Member

  • Topic Starter
  • Member
  • 131 posts
GMER LOG

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-18 15:28:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000051 WDC_WD15 rev.51.0 1397.27GB
Running: ui0gcx3x.exe; Driver: C:\Users\Desktop\AppData\Local\Temp\fxliakoc.sys


---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [356:1444] 000007fef9c059a0
Thread C:\Windows\System32\svchost.exe [356:2528] 000007fef6a620c0
Thread C:\Windows\System32\svchost.exe [356:2532] 000007fef6a626a8
Thread C:\Windows\System32\svchost.exe [356:2540] 000007fef6a014a0
Thread C:\Windows\System32\svchost.exe [356:2688] 000007fef642a2b0
Thread C:\Windows\System32\svchost.exe [356:2980] 000007fef7ec44e0
Thread C:\Windows\System32\svchost.exe [356:3472] 000007fefc591a70
Thread C:\Windows\System32\svchost.exe [356:3672] 000007feed7f3efc
Thread C:\Windows\System32\svchost.exe [356:3296] 000007feed838a4c
Thread C:\Windows\System32\svchost.exe [356:4572] 000007fef86088f8
Thread C:\Windows\System32\svchost.exe [356:7124] 000007fef6a629dc
Thread C:\Windows\system32\svchost.exe [1228:6280] 000007fef9a8341c
Thread C:\Windows\system32\svchost.exe [1228:6192] 000007fef9a83a2c
Thread C:\Windows\system32\svchost.exe [1228:672] 000007fef9a83768
Thread C:\Windows\system32\svchost.exe [1228:6532] 000007fef9a85c20
Thread C:\Windows\System32\spoolsv.exe [1564:2308] 000007fef6ed10c8
Thread C:\Windows\System32\spoolsv.exe [1564:2316] 000007fef6e96144
Thread C:\Windows\System32\spoolsv.exe [1564:2320] 000007fef6c85fd0
Thread C:\Windows\System32\spoolsv.exe [1564:2324] 000007fef6c73438
Thread C:\Windows\System32\spoolsv.exe [1564:2328] 000007fef6c863ec
Thread C:\Windows\System32\spoolsv.exe [1564:2336] 000007fef6f65e5c
Thread C:\Windows\system32\taskhost.exe [236:2792] 000007fefa311010
Thread C:\Windows\system32\taskhost.exe [236:352] 000007fef5795170
Thread C:\Windows\SysWOW64\ntdll.dll [1812:2940] 000000000045cfe7
Thread C:\Windows\SysWOW64\ntdll.dll [2292:1680] 000000000040212f
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3528:3660] 000007fefb0d2a7c

---- Registry - GMER 2.1 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\[email protected]:\Users\Desktop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Geeks to Go! \x2013 Free help from tech experts.website 1

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi x_LUIS_X,

Please download Malwarebytes' Anti-Malware

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#7
x_LUIS_X

    Member

  • Topic Starter
  • Member
  • 131 posts
Hi Maliprog, here is the log. It didn't find anything wrong.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Desktop :: DESKTOP-HP [administrator]

Protection: Enabled

5/20/2013 9:20:57 PM
mbam-log-2013-05-20 (21-20-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211174
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#8
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi x_LUIS_X,

Your logs and system look clean now. If you don't have any problems, I will remove my tools and call this one finished.

Step 1

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click the CleanUp button. OTL will restart your system at the end.

In case any of the software we used in this fix still remains on your system, please delete it manually (right-click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet, read our little guide: How did I get infected in the first place?

2. Make Backups of Important Files

Please read this article: Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer versions of software installed on your system.

#9
x_LUIS_X

    Member

  • Topic Starter
  • Member
  • 131 posts
Thank you so much for your help and time...

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.