keylogger trouble


  • This topic is locked
16 replies to this topic

#1 sublime4ever81

sublime4ever81

  • Members
  • 9 posts

Posted 28 September 2010 - 11:46 AM

I think I have a keylogger. I was in the middle of typing my problem out and someone (not me) just deleted every last letter I typed. I didn't highlight anything and this is quite on par for what has been going on. I use Spyware Doctor and I pay close attention to the entries being scanned. One entry was a lantern keylogger which has been quite invisible. So much so that Spyware Doctor doesn't pick up on it, and the useless PC Tools tech support team keeps giving me the run-around. I had monumental infections on my PC and it got so bad that I had to quit using it. The thing is that when I finally got fed up with it I had my brand new laptop on but it had never been signed onto the internet at that point. Somehow someone or something that had infected my PC tried to break into my laptop. Since then I have had sporadic slowdowns, disappearing text and other issues that are keylogger related. Here is my HijackThis log. Please someone help! I paid so much money for this laptop and I know I'm infected.

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\CCleaner\ccleaner.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

Edited by Orange Blossom, 28 September 2010 - 01:43 PM.
Move to log forum from AV forum. ~ OB




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 02 October 2010 - 11:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 sublime4ever81

sublime4ever81
  • Topic Starter

  • Members
  • 9 posts

Posted 05 October 2010 - 12:08 PM

Ok, well, I did everything I could that you asked, but as far as the rootkit scanner goes, of the many scanning options that you asked me to select/deselect, only a few were even selectable. I also got an error message when I ran the program that said system32 config is either locked or being used by another program. This has been happening a lot lately. When I scanned for hidden data streams with HijackThis I found a number of items, none of which I could remove. I've also found entries for an AIM sniffer and a lantern keylogger and lantern keylogger remover. Firefox became so corrupted that I had to uninstall it and go back to using Internet Explorer, much to my dismay. I don't like too many things by Microsoft. I also found entries for cngaudit.dll and if I'm not mistaken this can be a malicious file that uses hidden rootkits to embed itself in a computer without detection. Anyway, here is the one set of logs you asked for. I can't do much of anything with the rootkit detector but I have some other logs from different programs that show a lot of hidden and locked files that I can neither find nor delete.

OTL logfile created on: 10/4/2010 12:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 239.49 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC-PC
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 12:14:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2010/09/23 09:47:50 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
PRC - [2010/09/02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/09/02 14:48:16 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe
PRC - [2010/08/30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/07/14 10:09:29 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 14:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 21:51:28 | 003,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 12:14:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/08/04 12:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 15:47:11 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/28 15:47:11 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/30 20:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/09/02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/18 13:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/04/28 15:51:37 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/28 15:48:43 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/04/28 15:48:42 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 15:47:11 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/20 19:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/01 16:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 16:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 16:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/07 19:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 04:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\Spyware Doctor\BDT\Firefox\ [2010/09/25 12:16:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: ISTray - hkey= - key= - C:\Program Files (x86)\Spyware Doctor\pctsGui.exe (PC Tools)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 12:14:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2010/09/28 12:52:30 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/09/28 12:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/28 11:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/09/28 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Yahoo!
[2010/09/28 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/09/25 12:16:12 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2010/09/25 12:16:12 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2010/09/25 12:16:05 | 000,177,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010/09/25 12:16:05 | 000,116,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010/09/25 12:16:05 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2010/09/24 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/09/24 12:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/09/22 12:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/11 13:45:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Kingsoft
[2010/09/11 12:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
[2010/09/11 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Kingsoft
[2010/09/11 12:40:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\nsklog
[2010/09/11 12:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2010/08/06 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Mozilla
[2010/08/06 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Mozilla
[2010/08/05 10:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[50 C:\Users\Eric\Documents\*.tmp files -> C:\Users\Eric\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 12:19:38 | 002,883,584 | -HS- | M] () -- C:\Users\Eric\ntuser.dat
[2010/10/04 12:14:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2010/10/04 12:08:53 | 000,100,558 | ---- | M] () -- C:\Users\Eric\Documents\civil war research paper.docx
[2010/10/04 12:08:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 09:44:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 09:44:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 09:34:26 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/04 09:34:23 | 001,048,576 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.2.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.1.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.0.regtrans-ms
[2010/10/04 09:34:22 | 000,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.blf
[2010/10/04 09:34:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEric.job
[2010/10/04 09:34:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 09:34:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 09:34:10 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 09:29:58 | 001,809,035 | -H-- | M] () -- C:\Users\Eric\AppData\Local\IconCache.db
[2010/09/30 10:31:54 | 001,178,682 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/09/29 11:24:39 | 000,000,136 | ---- | M] () -- C:\Users\Eric\Desktop\Chess Titans.lnk
[2010/09/28 12:03:00 | 000,002,093 | ---- | M] () -- C:\Users\Eric\Desktop\HijackThis.lnk
[2010/09/28 11:52:56 | 000,001,007 | ---- | M] () -- C:\Users\Eric\Desktop\CCleaner.lnk
[2010/09/27 17:38:05 | 000,016,697 | ---- | M] () -- C:\Users\Eric\Documents\Ritual Magic Notes.docx
[2010/09/27 15:09:47 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$tual Magic Notes.docx
[2010/09/26 12:15:41 | 000,248,412 | ---- | M] () -- C:\Users\Eric\Documents\sighting essay.docx
[2010/09/25 12:16:09 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/09/24 14:37:08 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 14:37:08 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 14:37:08 | 000,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TM.blf
[2010/09/21 11:07:01 | 000,001,409 | ---- | M] () -- C:\Users\Eric\Desktop\Internet Explorer (64-bit).lnk
[2010/09/16 11:15:07 | 000,720,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/16 11:15:07 | 000,619,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/16 11:15:07 | 000,105,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/15 10:49:26 | 000,012,523 | ---- | M] () -- C:\Users\Eric\Documents\The Real Truth about Marijuana.docx
[2010/09/10 12:30:55 | 000,010,217 | ---- | M] () -- C:\Users\Eric\Documents\book clipboard.docx
[2010/09/09 14:24:48 | 000,062,610 | ---- | M] () -- C:\Users\Eric\Documents\911 schoarly-rr (Autosaved).docx
[2010/09/04 13:23:44 | 000,358,513 | ---- | M] () -- C:\Users\Eric\Documents\The Mysteries of Ancient History.docx
[2010/09/03 11:28:22 | 000,116,616 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010/09/02 15:00:30 | 000,739,280 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/09/02 15:00:28 | 001,865,680 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/09/02 11:27:38 | 000,032,170 | ---- | M] () -- C:\Users\Eric\Documents\media expose.docx
[2010/09/01 10:11:44 | 000,329,320 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/08/30 13:57:00 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/08/28 11:30:00 | 000,136,168 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/08/27 08:26:40 | 000,177,904 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010/08/27 08:26:40 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/08/26 09:30:28 | 000,002,074 | ---- | M] () -- C:\Windows\UDB.zip
[2010/08/25 13:48:55 | 000,011,349 | ---- | M] () -- C:\Users\Eric\Documents\Love is a Gift.docx
[2010/08/23 09:36:38 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/08/22 12:41:05 | 000,023,899 | ---- | M] () -- C:\Users\Eric\Documents\Eric MarksWriting Public ArgumentsFirst person summary for Health.docx
[2010/08/21 10:31:19 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$e Mysteries of Ancient History.docx
[2010/08/20 09:50:32 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2010/08/18 13:51:18 | 000,254,624 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/08/16 12:11:41 | 000,063,453 | ---- | M] () -- C:\Users\Eric\Documents\911 book chapter.docx
[2010/08/14 09:04:04 | 000,355,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 12:16:26 | 000,074,845 | ---- | M] () -- C:\Users\Eric\Documents\erics book mars chapter.docx
[2010/08/08 12:55:02 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$dia expose.docx
[2010/08/05 17:15:51 | 000,084,240 | ---- | M] () -- C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/05 12:08:28 | 000,074,836 | ---- | M] () -- C:\Users\Eric\Documents\cc_20100805_120810.reg
[2010/08/02 15:35:30 | 000,035,106 | ---- | M] () -- C:\Users\Eric\Documents\pc tools history.htm
[2010/07/19 16:29:20 | 000,030,367 | ---- | M] () -- C:\Users\Eric\Documents\popular dickheads.docx
[2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2010/07/14 09:25:09 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$O sighting 2.docx
[2010/07/14 09:13:53 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$ve is a Gift.docx
[50 C:\Users\Eric\Documents\*.tmp files -> C:\Users\Eric\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 09:34:23 | 001,048,576 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.2.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.1.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.0.regtrans-ms
[2010/10/04 09:34:22 | 000,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.blf
[2010/09/29 11:24:39 | 000,000,136 | ---- | C] () -- C:\Users\Eric\Desktop\Chess Titans.lnk
[2010/09/28 12:03:00 | 000,002,093 | ---- | C] () -- C:\Users\Eric\Desktop\HijackThis.lnk
[2010/09/27 15:09:47 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$tual Magic Notes.docx
[2010/09/25 12:16:13 | 001,178,682 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/09/24 14:08:37 | 000,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 14:08:37 | 000,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 14:08:37 | 000,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TM.blf
[2010/09/21 11:07:01 | 000,001,409 | ---- | C] () -- C:\Users\Eric\Desktop\Internet Explorer (64-bit).lnk
[2010/09/13 17:39:19 | 000,016,697 | ---- | C] () -- C:\Users\Eric\Documents\Ritual Magic Notes.docx
[2010/09/10 12:30:55 | 000,010,217 | ---- | C] () -- C:\Users\Eric\Documents\book clipboard.docx
[2010/09/05 12:01:20 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForEric.job
[2010/08/21 10:31:19 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$e Mysteries of Ancient History.docx
[2010/08/11 10:48:35 | 000,063,453 | ---- | C] () -- C:\Users\Eric\Documents\911 book chapter.docx
[2010/08/08 12:55:02 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$dia expose.docx
[2010/08/07 10:39:26 | 000,358,513 | ---- | C] () -- C:\Users\Eric\Documents\The Mysteries of Ancient History.docx
[2010/08/05 12:08:16 | 000,074,836 | ---- | C] () -- C:\Users\Eric\Documents\cc_20100805_120810.reg
[2010/08/05 10:58:30 | 000,001,007 | ---- | C] () -- C:\Users\Eric\Desktop\CCleaner.lnk
[2010/08/02 15:35:29 | 000,035,106 | ---- | C] () -- C:\Users\Eric\Documents\pc tools history.htm
[2010/07/19 16:29:20 | 000,030,367 | ---- | C] () -- C:\Users\Eric\Documents\popular dickheads.docx
[2010/07/14 09:25:09 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$O sighting 2.docx
[2010/07/14 09:13:53 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$ve is a Gift.docx
[2010/07/10 11:46:14 | 000,011,349 | ---- | C] () -- C:\Users\Eric\Documents\Love is a Gift.docx
[2010/04/02 14:57:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/02 14:57:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/13 14:05:06 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/01/13 14:05:05 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\QSwitch.txt
[2010/01/13 14:05:05 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\DSwitch.txt
[2010/01/13 14:05:05 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\AtStart.txt
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/25 05:06:20 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/08/25 05:06:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/25 05:05:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/25 05:05:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/25 05:05:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/09 04:42:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/09 04:38:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/09 04:36:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/09 04:35:20 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/11 13:45:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Kingsoft
[2010/08/27 09:26:35 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/04 09:34:10 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/28 15:47:08 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/10/04 09:34:13 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

< MD5 for: WS2_32.DLL >
[2009/07/13 21:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
< End of report >

Here are the other things you wanted scanned:

OTL Extras logfile created on: 10/4/2010 12:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 239.49 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC-PC
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HDMI" = Intel® Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Browser Defender_is1" = Browser Defender 3.0
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Spyware Doctor" = Spyware Doctor 8.0
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2010 12:08:07 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/10/2010 1:08:07 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 10:41:38 AM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program Install-Spades-Free.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ce0 Start
Time: 01cb51bf3614d2df Termination Time: 10 Application Path: C:\Users\Eric\Downloads\Install-Spades-Free.exe

Report
Id: 9efd40b8-bdb2-11df-a917-00271332eb32

Error - 9/11/2010 10:46:11 AM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program Install-Spades-Free(2).exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e9c Start
Time: 01cb51bfff911e55 Termination Time: 10 Application Path: C:\Users\Eric\Downloads\Install-Spades-Free(2).exe

Report
Id: 4707d441-bdb3-11df-a917-00271332eb32

Error - 9/13/2010 1:14:16 PM | Computer Name = Eric-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 9/13/2010 4:08:05 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/13/2010 5:08:05 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 11:16:10 AM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/15/2010 11:38:19 AM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3888 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 170 Start
Time: 01cb54e3f530808e Termination Time: 10 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 38233a0d-c0df-11df-8140-00269e8ed85d

Error - 9/16/2010 1:01:22 PM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3888 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1640 Start
Time: 01cb55bdbedd9cc4 Termination Time: 36 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: fdc38bde-c1b3-11df-86aa-00269e8ed85d

[ Hewlett-Packard Events ]
Error - 1/15/2010 1:04:07 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 6/13/2010 10:23:07 AM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/20/2010 11:23:51 AM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/27/2010 1:16:54 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/20/2010 2:47:33 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 2:48:09 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 2:52:36 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 3:04:26 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 3:04:49 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

[ Media Center Events ]
Error - 5/21/2010 4:16:43 PM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 4:16:43 PM - Error connecting to the internet. 4:16:43 PM - Unable
to contact server..

Error - 5/24/2010 10:27:29 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 10:27:29 AM - Error connecting to the internet. 10:27:29 AM - Unable
to contact server..

Error - 5/27/2010 9:47:50 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 9:47:50 AM - Error connecting to the internet. 9:47:50 AM - Unable
to contact server..

Error - 5/29/2010 10:15:34 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 10:15:34 AM - Error connecting to the internet. 10:15:34 AM - Unable
to contact server..

Error - 6/3/2010 1:59:53 PM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 1:59:52 PM - Error connecting to the internet. 1:59:53 PM - Unable
to contact server..

Error - 6/7/2010 9:12:02 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 9:12:02 AM - Error connecting to the internet. 9:12:02 AM - Unable
to contact server..

Error - 6/9/2010 10:37:05 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 10:37:05 AM - Error connecting to the internet. 10:37:05 AM - Unable
to contact server..

Error - 6/10/2010 9:26:34 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 9:26:34 AM - Error connecting to the internet. 9:26:34 AM - Unable
to contact server..

Error - 6/11/2010 11:08:16 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 11:08:16 AM - Error connecting to the internet. 11:08:16 AM - Unable
to contact server..

Error - 6/16/2010 5:34:51 PM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 5:34:51 PM - Error connecting to the internet. 5:34:51 PM - Unable
to contact server..

[ System Events ]
Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 3:30:25 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/15/2010 10:45:36 AM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/15/2010 12:10:39 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/16/2010 1:33:34 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/17/2010 12:32:56 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

These are the hidden streams

C:\ProgramData\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Eric\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml : OECustomProperty (143 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)



#4 sublime4ever81

Posted 05 October 2010 - 12:13 PM

Ok, well I did everything I could that you asked, but as for the rootkit scanner, of the many scanning options that you asked me to select/deselect, only a few were even selectable. I also got an error message when I ran the program that said system32 config is either locked or being used by another program. This has been happening a lot lately. When I scanned for hidden data streams with HijackThis I found a number of items, none of which I could remove. I've also found entries for an AIM sniffer and a lantern keylogger and lantern keylogger remover. Firefox became so corrupted that I had to uninstall it and go back to using Internet Explorer, much to my dismay. I don't like too many things by Microsoft. I also found entries for cngaudit.dll, and if I'm not mistaken this can be a malicious file that uses hidden rootkits to embed itself in a computer without detection. Anyway, here is the one set of logs you asked for. I can't do much of anything with the rootkit detector, but I have some other logs from different programs that show a lot of hidden and locked files that I can neither find nor delete.

OTL logfile created on: 10/4/2010 12:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 239.49 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC-PC
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/04 12:14:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
PRC - [2010/09/23 09:47:50 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
PRC - [2010/09/02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/09/02 14:48:16 | 000,108,496 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe
PRC - [2010/08/30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/07/14 10:09:29 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/07/23 23:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 14:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 21:51:28 | 003,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/04 12:14:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
MOD - [2010/08/04 12:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\PCTGMhk.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/28 15:47:11 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/04/28 15:47:11 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b87ff64c8b56b7db\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/30 20:42:34 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 16:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/09/02 15:00:28 | 000,235,472 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010/08/30 08:03:22 | 001,145,816 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/15 13:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/05/22 14:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/08/18 13:51:18 | 000,254,624 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/04/28 15:51:37 | 000,286,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/28 15:48:43 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2010/04/28 15:48:42 | 007,369,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/28 15:47:11 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/07/20 19:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel®
DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:31:00 | 000,233,472 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 17:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/08 16:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 16:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/01 16:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 16:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 16:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/29 14:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/04/29 11:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/07 19:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/04/06 21:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 04:53:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\Spyware Doctor\BDT\Firefox\ [2010/09/25 12:16:18 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\Spyware Doctor\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-4116597273-1438906312-780790896-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


MsConfig:64bit - StartUpReg: ISTray - hkey= - key= - C:\Program Files (x86)\Spyware Doctor\pctsGui.exe (PC Tools)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/04 12:14:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2010/09/28 12:52:30 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010/09/28 12:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/28 11:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/09/28 11:52:59 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Yahoo!
[2010/09/28 11:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/09/25 12:16:12 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2010/09/25 12:16:12 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2010/09/25 12:16:05 | 000,177,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010/09/25 12:16:05 | 000,116,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010/09/25 12:16:05 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2010/09/24 12:56:03 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/09/24 12:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/09/22 12:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010/09/11 13:45:07 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Kingsoft
[2010/09/11 12:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
[2010/09/11 12:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Kingsoft
[2010/09/11 12:40:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\nsklog
[2010/09/11 12:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\kingsoft
[2010/08/06 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Roaming\Mozilla
[2010/08/06 11:06:10 | 000,000,000 | ---D | C] -- C:\Users\Eric\AppData\Local\Mozilla
[2010/08/05 10:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[50 C:\Users\Eric\Documents\*.tmp files -> C:\Users\Eric\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/04 12:19:38 | 002,883,584 | -HS- | M] () -- C:\Users\Eric\ntuser.dat
[2010/10/04 12:14:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Eric\Desktop\OTL.exe
[2010/10/04 12:08:53 | 000,100,558 | ---- | M] () -- C:\Users\Eric\Documents\civil war research paper.docx
[2010/10/04 12:08:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/04 09:44:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 09:44:43 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/04 09:34:26 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/04 09:34:23 | 001,048,576 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.2.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.1.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.0.regtrans-ms
[2010/10/04 09:34:22 | 000,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.blf
[2010/10/04 09:34:20 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEric.job
[2010/10/04 09:34:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 09:34:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/04 09:34:10 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 09:29:58 | 001,809,035 | -H-- | M] () -- C:\Users\Eric\AppData\Local\IconCache.db
[2010/09/30 10:31:54 | 001,178,682 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/09/29 11:24:39 | 000,000,136 | ---- | M] () -- C:\Users\Eric\Desktop\Chess Titans.lnk
[2010/09/28 12:03:00 | 000,002,093 | ---- | M] () -- C:\Users\Eric\Desktop\HijackThis.lnk
[2010/09/28 11:52:56 | 000,001,007 | ---- | M] () -- C:\Users\Eric\Desktop\CCleaner.lnk
[2010/09/27 17:38:05 | 000,016,697 | ---- | M] () -- C:\Users\Eric\Documents\Ritual Magic Notes.docx
[2010/09/27 15:09:47 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$tual Magic Notes.docx
[2010/09/26 12:15:41 | 000,248,412 | ---- | M] () -- C:\Users\Eric\Documents\sighting essay.docx
[2010/09/25 12:16:09 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/09/24 14:37:08 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 14:37:08 | 000,524,288 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 14:37:08 | 000,065,536 | -HS- | M] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TM.blf
[2010/09/21 11:07:01 | 000,001,409 | ---- | M] () -- C:\Users\Eric\Desktop\Internet Explorer (64-bit).lnk
[2010/09/16 11:15:07 | 000,720,488 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/09/16 11:15:07 | 000,619,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/09/16 11:15:07 | 000,105,646 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/15 10:49:26 | 000,012,523 | ---- | M] () -- C:\Users\Eric\Documents\The Real Truth about Marijuana.docx
[2010/09/10 12:30:55 | 000,010,217 | ---- | M] () -- C:\Users\Eric\Documents\book clipboard.docx
[2010/09/09 14:24:48 | 000,062,610 | ---- | M] () -- C:\Users\Eric\Documents\911 schoarly-rr (Autosaved).docx
[2010/09/04 13:23:44 | 000,358,513 | ---- | M] () -- C:\Users\Eric\Documents\The Mysteries of Ancient History.docx
[2010/09/03 11:28:22 | 000,116,616 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010/09/02 15:00:30 | 000,739,280 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/09/02 15:00:28 | 001,865,680 | ---- | M] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/09/02 11:27:38 | 000,032,170 | ---- | M] () -- C:\Users\Eric\Documents\media expose.docx
[2010/09/01 10:11:44 | 000,329,320 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010/08/30 13:57:00 | 000,767,952 | ---- | M] () -- C:\Windows\BDTSupport.dll
[2010/08/28 11:30:00 | 000,136,168 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010/08/27 08:26:40 | 000,177,904 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010/08/27 08:26:40 | 000,092,896 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010/08/26 09:30:28 | 000,002,074 | ---- | M] () -- C:\Windows\UDB.zip
[2010/08/25 13:48:55 | 000,011,349 | ---- | M] () -- C:\Users\Eric\Documents\Love is a Gift.docx
[2010/08/23 09:36:38 | 000,149,456 | ---- | M] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/08/22 12:41:05 | 000,023,899 | ---- | M] () -- C:\Users\Eric\Documents\Eric MarksWriting Public ArgumentsFirst person summary for Health.docx
[2010/08/21 10:31:19 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$e Mysteries of Ancient History.docx
[2010/08/20 09:50:32 | 000,000,882 | ---- | M] () -- C:\Windows\RegSDImport.xml
[2010/08/18 13:51:18 | 000,254,624 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010/08/16 12:11:41 | 000,063,453 | ---- | M] () -- C:\Users\Eric\Documents\911 book chapter.docx
[2010/08/14 09:04:04 | 000,355,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/13 12:16:26 | 000,074,845 | ---- | M] () -- C:\Users\Eric\Documents\erics book mars chapter.docx
[2010/08/08 12:55:02 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$dia expose.docx
[2010/08/05 17:15:51 | 000,084,240 | ---- | M] () -- C:\Users\Eric\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/05 12:08:28 | 000,074,836 | ---- | M] () -- C:\Users\Eric\Documents\cc_20100805_120810.reg
[2010/08/02 15:35:30 | 000,035,106 | ---- | M] () -- C:\Users\Eric\Documents\pc tools history.htm
[2010/07/19 16:29:20 | 000,030,367 | ---- | M] () -- C:\Users\Eric\Documents\popular dickheads.docx
[2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2010/07/14 09:25:09 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$O sighting 2.docx
[2010/07/14 09:13:53 | 000,000,162 | -H-- | M] () -- C:\Users\Eric\Documents\~$ve is a Gift.docx
[50 C:\Users\Eric\Documents\*.tmp files -> C:\Users\Eric\Documents\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/04 09:34:23 | 001,048,576 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.2.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.1.regtrans-ms
[2010/10/04 09:34:22 | 001,048,576 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.0.regtrans-ms
[2010/10/04 09:34:22 | 000,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7a-c805-11df-8a5a-c8a9deda4ed9}.TxR.blf
[2010/09/29 11:24:39 | 000,000,136 | ---- | C] () -- C:\Users\Eric\Desktop\Chess Titans.lnk
[2010/09/28 12:03:00 | 000,002,093 | ---- | C] () -- C:\Users\Eric\Desktop\HijackThis.lnk
[2010/09/27 15:09:47 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$tual Magic Notes.docx
[2010/09/25 12:16:13 | 001,178,682 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010/09/24 14:08:37 | 000,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000002.regtrans-ms
[2010/09/24 14:08:37 | 000,524,288 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 14:08:37 | 000,065,536 | -HS- | C] () -- C:\Users\Eric\ntuser.dat{f1fa2b7b-c805-11df-8a5a-c8a9deda4ed9}.TM.blf
[2010/09/21 11:07:01 | 000,001,409 | ---- | C] () -- C:\Users\Eric\Desktop\Internet Explorer (64-bit).lnk
[2010/09/13 17:39:19 | 000,016,697 | ---- | C] () -- C:\Users\Eric\Documents\Ritual Magic Notes.docx
[2010/09/10 12:30:55 | 000,010,217 | ---- | C] () -- C:\Users\Eric\Documents\book clipboard.docx
[2010/09/05 12:01:20 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForEric.job
[2010/08/21 10:31:19 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$e Mysteries of Ancient History.docx
[2010/08/11 10:48:35 | 000,063,453 | ---- | C] () -- C:\Users\Eric\Documents\911 book chapter.docx
[2010/08/08 12:55:02 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$dia expose.docx
[2010/08/07 10:39:26 | 000,358,513 | ---- | C] () -- C:\Users\Eric\Documents\The Mysteries of Ancient History.docx
[2010/08/05 12:08:16 | 000,074,836 | ---- | C] () -- C:\Users\Eric\Documents\cc_20100805_120810.reg
[2010/08/05 10:58:30 | 000,001,007 | ---- | C] () -- C:\Users\Eric\Desktop\CCleaner.lnk
[2010/08/02 15:35:29 | 000,035,106 | ---- | C] () -- C:\Users\Eric\Documents\pc tools history.htm
[2010/07/19 16:29:20 | 000,030,367 | ---- | C] () -- C:\Users\Eric\Documents\popular dickheads.docx
[2010/07/14 09:25:09 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$O sighting 2.docx
[2010/07/14 09:13:53 | 000,000,162 | -H-- | C] () -- C:\Users\Eric\Documents\~$ve is a Gift.docx
[2010/07/10 11:46:14 | 000,011,349 | ---- | C] () -- C:\Users\Eric\Documents\Love is a Gift.docx
[2010/04/02 14:57:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/02 14:57:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/01/13 14:05:06 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010/01/13 14:05:05 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\QSwitch.txt
[2010/01/13 14:05:05 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\DSwitch.txt
[2010/01/13 14:05:05 | 000,000,000 | ---- | C] () -- C:\Users\Eric\AppData\Local\AtStart.txt
[2009/10/25 22:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/25 05:06:20 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/08/25 05:06:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/08/25 05:05:57 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/08/25 05:05:38 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/08/25 05:05:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/08/09 04:42:48 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/09 04:38:18 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/09 04:36:08 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/09 04:35:20 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/11 13:45:07 | 000,000,000 | ---D | M] -- C:\Users\Eric\AppData\Roaming\Kingsoft
[2010/08/27 09:26:35 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.* >
[2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/10/04 09:34:10 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/28 15:47:08 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/10/04 09:34:13 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 21:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 21:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2007/05/18 00:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysWow64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 21:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/13 21:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

< MD5 for: WS2_32.DLL >
[2009/07/13 21:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:430C6D84
< End of report >

Here are the other things you wanted scanned

OTL Extras logfile created on: 10/4/2010 12:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Eric\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 48.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 239.49 Gb Free Space | 83.98% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 2.13 Gb Free Space | 16.72% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ERIC-PC
Current User Name: Eric
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"HDMI" = Intel® Graphics Media Accelerator Driver
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4313E16C-811B-469F-8815-6EB98085F8B2}" = SlingBoxWatchYourTVAnyWhere
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{82A213BD-B6AA-4281-A2D3-59D51893CC56}" = HP MediaSmart Software Notebook Demo
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90F6051D-A69F-4159-9203-7E20430E1056}" = HP MediaSmart SlingPlayer
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Browser Defender_is1" = Browser Defender 3.0
"CCleaner" = CCleaner
"HijackThis" = HijackThis 2.0.2
"Homepage Protection" = Homepage Protection
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Spyware Doctor" = Spyware Doctor 8.0
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/10/2010 12:08:07 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/10/2010 1:08:07 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/11/2010 10:41:38 AM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program Install-Spades-Free.exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ce0 Start
Time: 01cb51bf3614d2df Termination Time: 10 Application Path: C:\Users\Eric\Downloads\Install-Spades-Free.exe

Report
Id: 9efd40b8-bdb2-11df-a917-00271332eb32

Error - 9/11/2010 10:46:11 AM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program Install-Spades-Free(2).exe version 0.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e9c Start
Time: 01cb51bfff911e55 Termination Time: 10 Application Path: C:\Users\Eric\Downloads\Install-Spades-Free(2).exe

Report
Id: 4707d441-bdb3-11df-a917-00271332eb32

Error - 9/13/2010 1:14:16 PM | Computer Name = Eric-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
"System Writer" object. Details: Could not query the status of the EventSystem service.

System
Error: A system shutdown is in progress. .

Error - 9/13/2010 4:08:05 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/13/2010 5:08:05 PM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/14/2010 11:16:10 AM | Computer Name = Eric-PC | Source = Google Update | ID = 20
Description =

Error - 9/15/2010 11:38:19 AM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3888 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 170 Start
Time: 01cb54e3f530808e Termination Time: 10 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 38233a0d-c0df-11df-8140-00269e8ed85d

Error - 9/16/2010 1:01:22 PM | Computer Name = Eric-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3888 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1640 Start
Time: 01cb55bdbedd9cc4 Termination Time: 36 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: fdc38bde-c1b3-11df-86aa-00269e8ed85d

[ Hewlett-Packard Events ]
Error - 1/15/2010 1:04:07 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Object reference not set to an instance of an object. HPSF at
HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs
e) at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs
routedEventArgs) at System.Windows.EventRoute.InvokeHandlersImpl(Object source,
RoutedEventArgs args, Boolean reRaised) at System.Windows.UIElement.RaiseEventImpl(DependencyObject
sender, RoutedEventArgs args) at System.Windows.UIElement.RaiseEvent(RoutedEventArgs
e) at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,
RoutedEvent routedEvent) at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object
root) at MS.Internal.LoadedOrUnloadedOperation.DoWork() at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks() at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object
resizedCompositionTarget) at System.Windows.Media.MediaContext.RenderMessageHandler(Object
resizedCompositionTarget) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate
callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)


Error - 6/13/2010 10:23:07 AM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/20/2010 11:23:51 AM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 6/27/2010 1:16:54 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib at System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) at System.IO.StreamReader..ctor(String path, Encoding encoding)

at System.IO.File.ReadAllText(String path, Encoding encoding) at n.a()

Error - 9/20/2010 2:47:33 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 2:48:09 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 2:52:36 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 3:04:26 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

Error - 9/20/2010 3:04:49 PM | Computer Name = Eric-PC | Source = Hewlett-Packard | ID = 0
Description = en-US Could not load the Configuration DLL. Configurator at Configurator.ConfiguratorClass.loadXML()

at Configurator.ConfiguratorClass..ctor(Boolean loadxml) at HPSFConfigReader.ConfigHelper..ctor()

at HPAssistant.csSettings.loadApplicationResources(Boolean isOnAppLoad)

[ Media Center Events ]
Error - 5/21/2010 4:16:43 PM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 4:16:43 PM - Error connecting to the internet. 4:16:43 PM - Unable
to contact server..

Error - 5/24/2010 10:27:29 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 10:27:29 AM - Error connecting to the internet. 10:27:29 AM - Unable
to contact server..

Error - 5/27/2010 9:47:50 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 9:47:50 AM - Error connecting to the internet. 9:47:50 AM - Unable
to contact server..

Error - 5/29/2010 10:15:34 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 10:15:34 AM - Error connecting to the internet. 10:15:34 AM - Unable
to contact server..

Error - 6/3/2010 1:59:53 PM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 1:59:52 PM - Error connecting to the internet. 1:59:53 PM - Unable
to contact server..

Error - 6/7/2010 9:12:02 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 9:12:02 AM - Error connecting to the internet. 9:12:02 AM - Unable
to contact server..

Error - 6/9/2010 10:37:05 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 10:37:05 AM - Error connecting to the internet. 10:37:05 AM - Unable
to contact server..

Error - 6/10/2010 9:26:34 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 9:26:34 AM - Error connecting to the internet. 9:26:34 AM - Unable
to contact server..

Error - 6/11/2010 11:08:16 AM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 11:08:16 AM - Error connecting to the internet. 11:08:16 AM - Unable
to contact server..

Error - 6/16/2010 5:34:51 PM | Computer Name = Eric-PC | Source = MCUpdate | ID = 0
Description = 5:34:51 PM - Error connecting to the internet. 5:34:51 PM - Unable
to contact server..

[ System Events ]
Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 12:55:20 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/13/2010 3:30:25 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/15/2010 10:45:36 AM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/15/2010 12:10:39 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/16/2010 1:33:34 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/17/2010 12:32:56 PM | Computer Name = Eric-PC | Source = Service Control Manager | ID = 7034
Description = The Kingsoft Core Service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

These are the hidden streams

C:\ProgramData\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\ProgramData\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : 430C6D84 (102 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : A8ADE5D8 (109 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\All Users\Temp : DFC5A2B2 (198 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)
C:\Users\Eric\AppData\Local\Microsoft\Windows Live Mail\Sentinel\WLMailSearchSentinel.eml : OECustomProperty (143 bytes, MD5 D41D8CD98F00B204E9800998ECF8427E)



#5 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 05 October 2010 - 04:41 PM

Hello,

cngaudit.dll is a legitimate Windows file in Vista and Windows 7. I have it as well. It can be a malicious file, but it all depends on the context. It was included in the custom scan I had you do and appears legitimate.

Nothing is showing in your logs. Let's take a deeper look.



Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578










Step 1

I don't see an Anti Virus Program running on your machine
  • Download and install an antivirus program, and make sure that you keep it updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Two good antivirus programs free for non-commercial home use are Avast! and Antivir
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 3


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

Edited by etavares, 05 October 2010 - 04:41 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#6 sublime4ever81

  • Topic Starter

Posted 06 October 2010 - 08:37 AM

Ok well I have been using Spyware Doctor for malware and spyware but every time I install an anti-virus program as well my computer starts going haywire. Is there a free program out there that I can use either with or in place of Spyware Doctor? I pay for that one and I am already so sick of the program and the tech support has been abysmal. Also something very peculiar happened this morning when I turned on my laptop. The OTL program I downloaded as well as the anti-rootkit program I was asked to download have been erased from my computer. I didn't do anything to make that happen. Finally, have you looked in my volume settings folder? Before GMER was mysteriously uninstalled I found a number of entries that look rather suspicious. I know when my PC became so infected that I had to stop using it, that is where the malicious software was hiding out. I couldn't even access the folder much less delete the entries (on my PC) and now I saw similar entries on my laptop. Finally, what the heck is a Lantern keylogger? I found the entry during a spyware scan one time only. Since then it has disappeared. I looked it up and it appears to be a system monitor of some sort; one that is supposed to be quite invisible. I also found an AIM sniffer which has also disappeared since I found it.

Didn't I read somewhere on here that a lot of viruses and spyware will use system restore to keep themselves embedded onto an operating system? Because that is what I think happened to OTL and GMER when they vanished and I'm wondering if I have something that is using system restore to keep itself intact and by extension OTL and GMER were erased as a byproduct of using system restore. Both programs were only installed recently.

#7 etavares

  • Malware Response Team

Posted 06 October 2010 - 06:00 PM

Hi, the logs look clean, but the other scans I asked you to run in my previous post take a deeper look at items that hide from our initial scans. Please go ahead and run them.

Spyware Doctor is an anti-spyware program. You should have one antivirus and one antispyware program running. I use free tools...specifically MBAM for my antispyware and Avast for my antivirus. I like both and they're both constantly updated. Please install an antivirus before we continue...without that, anything we do will likely be reversed instantly and will inhibit cleanup.

Lantern Keylogger is a program to monitor key strokes. Parents and corporations often use them to monitor children and employees. It can also be used for malicious purposes.

Only one virus can run out of the system restore. We would see that in the log above and it doesn't appear to be the case. Running the other scans in my previous post will help us look for this one as well. Typically inactive malware remnants hide in system restore and are one of the last things we remove...we have to get rid of the active infection, until we do so every restore point will have more malware in it. We have to fix the source before we can fix the backup. GMER often has lots of entries that are false positive and legitimate entries. I'd have to see that log to see what you're infected with.

Please try downloading each tool one at a time and run a scan right away and post the log. Were you able to get them done? In addition to MBAM and MBRCheck, please also run RKU.

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest. Then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is OK; just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


etavares

Edited by etavares, 06 October 2010 - 06:01 PM.


 


#8 sublime4ever81

  • Topic Starter

Posted 08 October 2010 - 01:35 PM

I am going to get rid of Spyware Doctor now because I've had all I can stand and instead I am going to download the programs that you recommended. One thing however, I am in the middle of a Spyware Doctor scan and I am looking at this entry: C:\Program Files\Invisible Keylogger. Now I don't know what the heck an invisible keylogger is doing on my laptop but I'm sure it's not helping it. I am afraid that when I get rid of Spyware Doctor that I will be vulnerable momentarily so I guess I am going to save the startup files to my desktop for the suggested programs and sign off the internet. I will post again when I've done what you asked.

#9 etavares

  • Malware Response Team

Posted 08 October 2010 - 05:50 PM

Unplugging from the internet is a good idea. Was Spyware Doctor able to remove Invisible Keylogger?


 


#10 etavares

  • Malware Response Team

Posted 13 October 2010 - 05:55 PM

still there?


 


#11 sublime4ever81

  • Topic Starter

Posted 17 October 2010 - 11:57 AM

Hello, sorry it took so long to respond again. I've been very busy with college and just life in general. Here are the scan logs you asked for. I downloaded Avira and it immediately found a long list of viruses which I'm including here. I also am attaching a full Avira scan log and the MB scan log you asked for. After that I am going to download the Rootkit Unhooker program and see if that helps.

Exported events:

10/17/2010 11:45 AM [Guard] Malware found
Virus or unwanted program 'HEUR/HTML.Malware [heuristic]'
detected in file 'C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Low\Content.IE5\NKCNMPIZ\counter[1].js.
Action performed: Deny access

10/13/2010 1:06 AM [Guard] Malware found
Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Low\Content.IE5\CXQO9EEX\34[1].htm.
Action performed: Deny access

10/12/2010 10:55 PM [Guard] Malware found
Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Users\Eric\AppData\Local\Microsoft\Windows\Temporary
Internet Files\Low\Content.IE5\LIOVG2VZ\pageants[1].htm.
Action performed: Deny access

10/9/2010 12:28 PM [Scanner] Malware found
The file 'C:\Program Files (x86)\PDFReading\installer.exe'
contained a virus or unwanted program 'TR/Dldr.Delphi.Gen' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '49a539ab.qua'.

10/9/2010 12:27 PM [Guard] Malware found
Virus or unwanted program 'TR/Dldr.Delphi.Gen [trojan]'
detected in file 'C:\Program Files (x86)\PDFReading\installer.exe.
Action performed: Allow access

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP59EE.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4272b5cf.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5A1F.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '6f289a82.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5A40.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '1330dad2.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP56EC.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '46ff9bf0.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP592F.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '3746a265.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5960.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5b1a8e55.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5AF4.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '0320a605.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5B25.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '517ffced.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMPD8BF.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '49e8d34a.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5A71.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5f88f698.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5AA2.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '2093c4f9.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5AD3.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '6517e9c7.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5525.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '39dec66a.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5556.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '0b4abdcf.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5587.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '2d82fdd2.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP110B.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '0cc88951.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP54F4.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '339bed14.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP563A.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '04c7d6de.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP566B.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '0dccd275.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP569C.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '48e5ab37.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP55B7.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '4e8cd6a1.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP55E8.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '7072b67b.qua'.

10/8/2010 3:57 PM [Scanner] Malware found
The file 'C:\Windows\Temp\TMP5609.tmp'
contained a virus or unwanted program 'TR/Crypt.XPACK.Gen3' [trojan]
Action(s) taken:
The file was moved to the quarantine directory under the name '5c86cfb7.qua'.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 232):

Processes (total 71):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000047`57900000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS723232L9A360, Rev: FC4OC60D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: A53300E09B08EE5070DB8FA3D24A93766C7CD6FD


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Here is a full list of running processes. I found quite a few of these that are classified as viruses, trojans, or worms. I will post the rest with the Rootkit Unhooker report.


#12 sublime4ever81


Posted 17 October 2010 - 12:01 PM

Remember when I said that it may be a good idea to check my system32 volume folder? Here is why. I have 74 locked files that I can't even find, much less access. Many of these are in my volume folder and that is EXACTLY where the malicious software was hiding in my PC.


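An added example, not part of the original post: one way to triage a scanner's "could not be opened" list is to separate paths that Windows itself normally holds open from the ones that still need a manual look. The location list and the sample log (including the `Example` user name) are constructed assumptions; a locked file is evidence neither for nor against infection.

```python
import re
from collections import defaultdict

# Locations where Windows normally keeps files open or restricted to SYSTEM.
# Assumed list for illustration: a match explains the lock, it is not a verdict.
EXPECTED_LOCKED = [
    (r"^[A-Z]:\\System Volume Information\\", "restore points and shadow copies"),
    (r"^[A-Z]:\\ProgramData\\Microsoft\\Search\\Data\\", "Windows Search index"),
    (r"^[A-Z]:\\Windows\\System32\\catroot2\\", "catalog database (Cryptographic Services)"),
    (r"^[A-Z]:\\Windows\\System32\\LogFiles\\WMI\\RtBackup\\.*\.etl$", "live ETW trace logs"),
    (r"^[A-Z]:\\Windows\\ServiceProfiles\\", "service account profile data"),
    (r"\\AppData\\Local\\Temp\\~DF[0-9A-F]+\.TMP$", "temp file of a running program"),
]

def parse_locked(log_text):
    """Return each path that is followed by a 'could not be opened' warning."""
    paths, prev = [], None
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[WARNING]") and "could not be opened" in line and prev:
            paths.append(prev)
            prev = None
        elif line:
            prev = line
    return paths

def triage(paths):
    """Split paths into {reason: [paths]} for expected locks and a review list."""
    expected, review = defaultdict(list), []
    for path in paths:
        for pattern, reason in EXPECTED_LOCKED:
            if re.search(pattern, path, re.IGNORECASE):
                expected[reason].append(path)
                break
        else:
            review.append(path)  # nothing explains the lock: inspect by hand
    return dict(expected), review

# Constructed sample in the same two-line format as the scan output.
SAMPLE_LOG = r"""
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb
[WARNING] The file could not be opened!
C:\System Volume Information\Syscache.hve
[WARNING] The file could not be opened!
C:\Users\Example\AppData\Local\Temp\~DF0123456789ABCDEF.TMP
[WARNING] The file could not be opened!
C:\Windows\System32\catroot2\edb.log
[WARNING] The file could not be opened!
C:\Users\Example\Downloads\unknown_tool.exe
[WARNING] The file could not be opened!
"""

if __name__ == "__main__":
    expected, review = triage(parse_locked(SAMPLE_LOG))
    print("explained:", expected)
    print("review by hand:", review)
```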

#13 sublime4ever81


Posted 18 October 2010 - 10:30 AM

OK, I just tried to download the rootkit unhooker and I am unable to download it. Since I began having problems on my laptop, I have seen gmer download but not work properly, sophos anti-rootkit be removed on startup without my permission, OTL disappearing during the same exact startup, and now rootkit unhooker will not download. It said error driver NTSTATUS unable to load. Also, to answer your question, not only was spyware doctor unable to get rid of invisible keylogger, it scanned it and just kept right on going. Like a person has to be a friggin speed reader to read the entries as they're being scanned and then be able to pause at just the right moment because spyware doctor does not have an adequate log function. However, I believe spyware doctor has been corrupted for quite some time. There is a list of file extensions that spyware doctor has on its ignore list, but I am unable to uncheck them. I'm the kind of person who wants to be able to scan absolutely everything in my computer. This has to be why spyware doctor didn't pick anything up but a bunch of cookiestrems and other low level infections. When I find infections I can't even quarantine them, which is essential to prevent reincarnation. They are automatically deleted and I have no control over it. That's why I got rid of it and instead am using the paid version of malware bytes and the free avira for protection now. I also know that webroot was corrupted on my PC so I wouldn't be surprised if that happened to spyware doctor. If there is something else you would like me to try, let me know.

#14 etavares

  • Malware Response Team

Posted 18 October 2010 - 06:12 PM

Hello, sublime4ever81.
Please don't forget the MBAM log. Also, as you run scans yourself, that means we have to start from step zero again, otherwise there's a good chance I'll do something that will conflict with what you did and we'll also be a step behind any viruses.

The locked files aren't necessarily a bad thing; many are often locked.

Now, this is the first time you mentioned malware running from system restore. That's indicative of a backdoor rootkit, specifically Whistler so I'll give you this warning:



Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




However the rootkit that hides in system restore would be visible in running processes and I don't see it there in any logs.

I also looked through the list of files and nothing popped out as malware...what files did you see? I might have missed them when researching as it's a long

Also, please run MBR_Check again. When it finds an unknown MBR, type 1 to dump it to file. Type 0 for physical disk 0 when prompted. Then name it mbrdump.dat and save it. It should be in the same directory as MBR_Check. Please attach that file in your reply.

etavares

Edited by etavares, 18 October 2010 - 06:13 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
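An added example, not from the original thread or from MBR_Check: a parser for a 512-byte master boot record dump that checks the boot signature and partition table and hashes the boot-code area, so the hash can be compared with a dump taken from a known-clean install of the same Windows version. It assumes `mbrdump.dat` holds raw sector 0 of the disk; the sample sector built here is constructed and contains no real boot code.

```python
import hashlib
import struct
import sys

SECTOR = 512  # classic MBR layout: 440 code, 4 disk id, 2 reserved, 4x16 table, 2 signature

def parse_mbr(data):
    """Parse the first sector of a dump and list structural anomalies."""
    if len(data) < SECTOR:
        raise ValueError("dump is shorter than one 512-byte sector")
    sector, findings, parts = data[:SECTOR], [], []
    if sector[510:512] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]
        status, ptype = entry[0], entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if status not in (0x00, 0x80):
            findings.append(f"entry {i}: invalid status byte 0x{status:02x}")
        if ptype != 0:  # type 0 marks an unused slot
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": count})
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap")
    return {
        # Compare this hash against a dump from a known-clean reference system.
        "boot_code_sha256": hashlib.sha256(sector[:440]).hexdigest(),
        "disk_signature": sector[440:444].hex(),
        "partitions": parts,
        "findings": findings,
    }

def build_sample():
    """Constructed sector: zeroed code area, two NTFS (0x07) entries."""
    s = bytearray(SECTOR)
    s[440:444] = bytes.fromhex("78563412")
    s[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2048, 204800)
    s[462:478] = struct.pack("<B3sB3sII", 0x00, b"\0" * 3, 0x07, b"\0" * 3, 206848, 1000000)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    # Usage: python mbr_parse.py mbrdump.dat   (no argument parses the sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(parse_mbr(raw))
```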



#15 sublime4ever81


Posted 20 October 2010 - 02:15 PM

For starters, I mentioned the system restore thing before. I was advised that it doesn't look like I had that particular virus. However, as I told you before, I had several programs directly related to diagnostics and rootkit removal either be unusable or more often they were deleted when I restarted my computer. Something is in my computer and though I don't have time to explain the details, I have a feeling that these infections are about my work/hobby as an investigative researcher. I write about a lot of things I've researched that certain people would like to keep away from the public at large; even though the evidence I've uncovered during my research is all publicly available, it isn't something that one would read in the news or watch on t.v. I don't use my PC anymore, but shortly before I gave up trying to clean it out, I noticed my process monitor was recording a third party accessing my computer periodically and paying close attention to my photo folders as well as my document folders. I often noticed disappearing text during writing sessions that would always reappear as soon as I moved the mouse or hit the arrow key, as well as wavy psychedelic looking words for no apparent reason. I saw on Dateline that both are signs that one is infected with a keylogger or system monitor. That means someone was recording my documents. Like I said, I don't use my PC anymore. I was just mentioning that I'm pretty sure that these infections are not meant for theft purposes. I haven't been stolen from yet. No credit cards taken out in my name or anything else. I will say my laptop is nowhere near as infected as my PC was, but when my spyware doctor program scans something that says Invisible Keylogger and then goes on its merry way, that's a pretty clear sign I have one. Apparently someone installed a lantern keylogger viewer in my laptop too. I know, I know. It can be a legitimate program. That is if I went out and bought the program myself, which I didn't.
By the way I just tried to attach the MBAM log under the file name you asked for. It says I'm not permitted to upload that kind of file and I don't have a program that will open it. What should I do?



