Microsoft Visual C++ Runtime Library Error

Discussion in 'Windows 7' started by Evol, Jan 7, 2013.

Thread Status:
Not open for further replies.
  1. Offline
    Evol

    Evol Registered Members

    Joined:
    Jan 7, 2013
    Messages:
    39
    Location:
    USA
    First let me say that I have searched many forums and threads with similar titles to this one, but so far have found no remedy that has worked. Please help!

    OS (Operating System): Windows 7 Professional 64 bit

    The Problem: I am frequently getting an "Interactive Services Detection" message that says "A program running on this computer is trying to display a message." When I click on "view the message" it takes me to a light blue screen with an error message from Microsoft Visual C++ Runtime Library. The message always says "This application has requested the Runtime to terminate it in an unusual way." It never says what application, however. I have tried downloading the Microsoft Visual C++ 2010 Redistributable Package (x86) from here but I still have the problem. I have uninstalled Microsoft Visual C++ and then re-installed it as well. I have also tried a clean boot, but was still unable to determine what was causing the problem. So far I have been unable to find any suggestions online other than the ones I just mentioned.

    I tried doing a system restore point to a time before the problem was occurring and before my new printer was installed, but it didn't fix anything (This really baffled me). I had a hunch the problem was related to my new HP printer that I recently installed. My printer has stopped working properly, and I have seen others post with similar issues after installing a new HP printer. So I decided to uninstall my printer. The problem still occurs. I then tried to re-install my printer, but every time I try the error message pops up multiple times before the printer software finally says it was unable to install. The only other thing I can think of is I recently hooked up an external hard drive around the same time as the printer. There was no software for the hard drive, however. It is simply plug and play through a USB port. It says it is compatible with XP and Vista but makes no mention of Windows 7. The drive still works fine, but in order to check if it was causing the problem I unplugged it and restarted my comp only to receive the same error message. I'm out of ideas. Any help is appreciated!
  2. Offline
    woodyblade

    woodyblade Inactive Staff Member

    Joined:
    Dec 20, 2009
    Messages:
    720
    Location:
    UK
    The external HDD (Hard Disk Drive) should be fine, usually anything that says it's compatible with Vista is also compatible with 7.
     
    Does this error occur when you load/attempt to load a program, when you first log onto Windows, or something else?
    Just need to establish whether it is a background process or application you load at the time.
     
    Also what software have you installed recently, say the last week or so?
  3. Offline
    Evol

    It seems to just randomly happen. Once I restart the comp it usually happens within 10 minutes or less for the first time. But I wouldn't say it always happens as soon as I restart and log in every time. Sometimes it's probably within 2 minutes, but others it may take longer. I have noticed that once my comp has been on for a while (hours/days) it doesn't seem to happen very often, but it might happen randomly 4 or 5 times before it seems to stop.
     
    The only thing I have discovered that makes the error ALWAYS occur, is attempting to install my HP printer again.  The error pops up multiple times and then the printer says it couldn't install properly. 
     
    A few days before Christmas I had some malware/virus try to lock me out of my comp. I restarted in safe mode and did a system restore to a few days before that. That seemed to work fine, except this is when I started noticing the error message. After running Avast! and MalwareBytes, which both show up clean, the error was still occurring. Now I decided to do a system restore for Dec. 5th. This was the oldest restore point I had, and it was from before I installed my printer. After this new restore the error still occurred, but my printer did not work properly. I uninstalled the printer (which took several attempts on account of the error message interrupting the uninstall). Now when I try to re-install it I run into the problem I mentioned above.
     
    It looks like I installed "Adobe Flash Player 11 ActiveX" on 12-22-12, and "Skype Click to Call" on 12-22-12.  Those are the only two things that would have been from around the same time the problem started occurring.  However I can't say for sure whether or not the problem started before, during, or on that date.
  4. Offline
    woodyblade

    By the sounds of it I wouldn't be surprised if there are some bits of the printer software/drivers left. Download RevoUninstaller (free version) from here - http://www.revouninstaller.com/revo_uninstaller_free_download.html
    And uninstall the printer stuff (if shown) and also to be sure uninstall the Adobe Flash and Skype add-on you mentioned, try that first.
     
    As for the virus/malware, I'm not an expert but I don't think a system restore would have removed the virus (or at least not entirely), I'll get one of the malware guys here to have a look and go through with you to make sure there isn't anything left.
  5. Offline
    Evol

    I removed the Adobe Flash and Skype add-on.  There is nothing on there for Hewlett Packard though.  I haven't seen the error message since, but my comp has been on all day and as I said earlier the message is much less frequent the longer it stays on; unless I try to install my printer which causes multiple errors every time.  Should I just restart now and try to re-install the printer? 
     
    Also, I noticed that I have 4 previous versions of Microsoft Visual C++ installed.  All from 2008.  Should I take those off and see if that helps?
     
    As for the virus/malware, I was using Internet Explorer (I know, I know) instead of Google Chrome which is what I normally use. I've noticed when I use IE that Avast tells me it's blocking attacks on my comp all the time. But when I use Google Chrome this seems to never happen. Anyway, the virus/malware pops up and takes over my entire screen. It says it's the US Department of Justice and my comp is being locked down for "illegal activity" and I have to go to Walmart, buy MoneyPak, and give them $300 in the next 48 hours or they will prosecute me. Lol, I guess they are hoping someone actually doing something illegal will be scared enough not to question it and just pay up. I had seen this once before and using a system restore solved the problem just fine. It did this time too, except for this error message I keep getting. Also, I ran an Avast scan afterwards, got a hit and sent it to chest. Now however, all scans come back clean.
  6. Offline
    DSTM (Dougie)

    DSTM (Dougie) ADMINISTRATOR Administrator

    Joined:
    May 3, 2009
    Messages:
    5,792
    Location:
    SYDNEY AUSTRALIA
    I'm pretty sure that you have Malware on your machine. I will send a message to our malware experts to look into it for you. Please be patient until they have looked at your thread.
  7. Offline
    Evol

     
    OK, thank you!
  8. Offline
    DSTM (Dougie)

  9. Offline
    Evol

    Here are the OTL results.
     
     
    OTL logfile created on: 1/8/2013 8:05:37 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddie\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.41% Memory free
    8.00 Gb Paging File | 6.07 Gb Available in Paging File | 75.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 93.54 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
    Drive D: | 338.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 14.43 Gb Total Space | 12.03 Gb Free Space | 83.37% Space Free | Partition Type: FAT32
    Drive F: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 129.16 Gb Free Space | 27.73% Space Free | Partition Type: NTFS
     
    Computer Name: EDDIE-PC | User Name: Eddie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\Eddie\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\Eddie\AppData\Local\Temp\utt7D3C.tmp.exe (BitTorrent, Inc.)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
    MOD - C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll ()
    MOD - C:\Program Files\Verizon V CAST Media Manager\libexpat.dll ()
    MOD - C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll ()
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
    SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
    DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
    DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
    DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
    DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
    DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (VNWUND6V) -- C:\Windows\SysNative\drivers\VW7UX64V.SYS (VIA Networking Technologies, Inc.   )
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {98C1B55F-80AE-47C5-ABFA-6808DDC4D786}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{98C1B55F-80AE-47C5-ABFA-6808DDC4D786}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
    ========== FireFox ==========
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Eddie\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
     
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Eddie\AppData\Roaming\Move Networks [2010/02/02 23:41:03 | 000,000,000 | ---D | M]
     
     
    ========== Chrome  ==========
     
    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Eddie\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
    CHR - Extension: Google Search = C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
    CHR - Extension: avast! WebRep = C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
    CHR - Extension: Gmail = C:\Users\Eddie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
    O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
    O4 - Startup: C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.9.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18350AE9-D029-4DE0-8D7D-361BFB8C203A}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1035CC2-10EC-49C2-8188-7CAAFA141772}: DhcpNameServer = 75.75.75.75 75.75.76.76
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/09/09 16:45:49 | 000,000,129 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2008/12/15 04:52:18 | 000,000,080 | ---- | M] () - H:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{26984b07-0835-11df-ad1a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{26984b07-0835-11df-ad1a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011/09/09 16:45:49 | 000,318,312 | R--- | M] (Hewlett-Packard Co.)
    O33 - MountPoints2\{e3aa27df-bba7-11df-abe9-00044b160d19}\Shell - "" = AutoRun
    O33 - MountPoints2\{e3aa27df-bba7-11df-abe9-00044b160d19}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
     
    MsConfig:64bit - StartUpFolder: C:^Users^Eddie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600.lnk - C:\Windows\SysNative\RunDll32.exe - (Microsoft Corporation)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.
    MsConfig:64bit - State: "services" - Reg Error: Key error.
     
    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2013/01/08 08:00:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    [2013/01/08 06:29:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/01/08 06:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/01/08 06:27:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/01/07 22:18:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2013/01/07 22:18:36 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2013/01/06 10:01:31 | 000,778,088 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPM5912.dll
    [2013/01/06 08:57:57 | 000,000,000 | -H-D | C] -- C:\Config.Msi
    [2013/01/06 07:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/01/05 23:25:32 | 000,000,000 | ---D | C] -- C:\Users\Eddie\AppData\Local\ElevatedDiagnostics
    [2013/01/05 11:59:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2013/01/05 02:50:20 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
    [2013/01/05 02:50:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
    [2013/01/05 02:50:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
    [2013/01/05 02:50:15 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
    [2013/01/05 02:50:15 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
    [2013/01/05 02:50:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
    [2013/01/05 02:50:09 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
    [2013/01/05 02:50:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
    [2013/01/05 02:50:09 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
    [2013/01/05 02:50:09 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
    [2013/01/05 02:50:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
    [2013/01/05 02:50:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
    [2013/01/05 02:50:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
    [2013/01/05 02:50:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
    [2013/01/05 02:50:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
    [2013/01/05 02:50:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
    [2013/01/05 02:50:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2013/01/05 02:50:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
    [2013/01/05 02:50:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
    [2013/01/05 02:50:07 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
    [2013/01/05 02:50:07 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
    [2013/01/05 02:50:07 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
    [2013/01/05 02:50:06 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
    [2013/01/05 02:50:06 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
    [2013/01/05 02:49:39 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/01/05 02:49:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/01/05 02:49:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
    [2013/01/05 02:49:37 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
    [2013/01/05 02:33:41 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
    [2013/01/05 02:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2013/01/03 17:57:50 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\grey's anatomy
    [2012/12/22 06:21:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2012/12/22 06:21:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
    [2012/12/22 06:21:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
    [2012/12/22 06:21:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
    [2012/12/22 06:21:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2012/12/22 06:21:14 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
    [2012/12/22 06:21:14 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
    [2012/12/22 06:21:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
    [2012/12/22 06:21:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
    [2012/12/22 06:21:13 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2012/12/22 06:21:13 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
    [2012/12/22 06:21:13 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2012/12/22 06:21:12 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2012/12/22 06:21:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2012/12/22 06:21:12 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
    [2012/12/22 06:20:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/22 06:20:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/22 06:20:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/22 06:20:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/22 06:19:35 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
    [2012/12/22 06:19:34 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
    [2012/12/22 06:19:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
    [2012/12/22 06:19:34 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
    [2012/12/22 06:19:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
    [2012/12/22 06:19:31 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
    [2012/12/22 06:19:31 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
    [2012/12/22 06:19:31 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
    [2012/12/22 06:19:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
    [2012/12/22 06:19:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
    [2012/12/22 06:19:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
    [2012/12/22 06:19:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
    [2012/12/22 06:19:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/22 06:19:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/22 06:19:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/22 06:19:29 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/22 06:19:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/22 06:19:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    [2012/12/22 06:19:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    [2012/12/22 06:19:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
    [2012/12/22 06:19:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
    [2012/12/22 06:19:05 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
    [2012/12/22 06:19:05 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
    [2012/12/17 03:19:54 | 000,000,000 | ---D | C] -- C:\Users\Eddie\Desktop\Gwen Pics
    [2012/12/12 22:46:09 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2013/01/08 08:02:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Eddie\Desktop\OTL.exe
    [2013/01/08 07:55:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/01/08 07:21:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/01/08 06:28:55 | 000,001,108 | ---- | M] () -- C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/01/08 06:27:58 | 000,000,928 | ---- | M] () -- C:\Users\Eddie\Desktop\NTREGOPT.lnk
    [2013/01/08 06:27:58 | 000,000,909 | ---- | M] () -- C:\Users\Eddie\Desktop\ERUNT.lnk
    [2013/01/07 22:21:02 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/07 22:18:36 | 000,001,268 | ---- | M] () -- C:\Users\Eddie\Desktop\Revo Uninstaller.lnk
    [2013/01/06 10:02:18 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/01/06 10:02:18 | 000,013,456 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/01/06 09:45:49 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/01/06 09:45:49 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/01/06 09:45:49 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/01/06 09:40:52 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
    [2013/01/06 07:51:18 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/01/05 02:56:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/12/31 06:43:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/23 10:35:55 | 000,047,864 | ---- | M] () -- C:\Users\Eddie\Desktop\IMG951106_2.jpg
    [2012/12/22 08:14:17 | 000,002,378 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/12/22 08:14:17 | 000,002,277 | ---- | M] () -- C:\Users\Eddie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/22 06:44:03 | 000,413,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/12/22 05:56:00 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/12/18 23:53:12 | 000,005,919 | ---- | M] () -- C:\Users\Eddie\Desktop\Eddie's Picks 2012.ods
    [2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
    [2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
    [2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
    [2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
    [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2013/01/08 06:28:55 | 000,001,108 | ---- | C] () -- C:\Users\Eddie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2013/01/08 06:27:58 | 000,000,928 | ---- | C] () -- C:\Users\Eddie\Desktop\NTREGOPT.lnk
    [2013/01/08 06:27:58 | 000,000,909 | ---- | C] () -- C:\Users\Eddie\Desktop\ERUNT.lnk
    [2013/01/07 22:18:36 | 000,001,268 | ---- | C] () -- C:\Users\Eddie\Desktop\Revo Uninstaller.lnk
    [2013/01/06 07:51:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/01/06 07:51:18 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2012/12/23 10:35:54 | 000,047,864 | ---- | C] () -- C:\Users\Eddie\Desktop\IMG951106_2.jpg
    [2012/12/18 23:53:00 | 000,005,919 | ---- | C] () -- C:\Users\Eddie\Desktop\Eddie's Picks 2012.ods
    [2012/12/05 21:15:16 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
    [2012/10/31 04:16:42 | 000,000,406 | ---- | C] () -- C:\Windows\lexstat.ini
    [2012/07/23 05:31:59 | 004,503,728 | ---- | C] () -- C:\ProgramData\piz_0ef.pad
    [2011/05/04 19:45:45 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/03/09 19:42:27 | 000,004,096 | -H-- | C] () -- C:\Users\Eddie\AppData\Local\keyfile3.drm
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== LOP Check ==========
     
    [2013/01/08 06:32:29 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\BitTorrent
    [2012/07/03 03:24:18 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\TesTeachers LLC
     
    ========== Purity Check ==========
     
     
     
    ========== Custom Scans ==========
     
    ========== Drive Information ==========
     
    Physical Drives
    ---------------
     
    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: SCSI
    Media Type: Fixed hard disk media
    Model: SAMSUNG HD103UJ SCSI Disk Device
    Partitions: 2
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: Kingston DataTraveler SE9 USB Device
    Partitions: 1
    Status: OK
    Status Info: 0
     
    Drive: \\\\.\\PHYSICALDRIVE2 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: Seagate Desktop USB Device
    Partitions: 1
    Status: OK
    Status Info: 0
     
    Partitions
    ---------------
     
    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 100.00MB
    Starting Offset: 1048576
    Hidden sectors: 0
     
     
    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 931.00GB
    Starting Offset: 105906176
    Hidden sectors: 0
     
     
    DeviceID: Disk #1, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 14.00GB
    Starting Offset: 32256
    Hidden sectors: 0
     
     
    DeviceID: Disk #2, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 466.00GB
    Starting Offset: 32256
    Hidden sectors: 0
     
     
    < %SYSTEMDRIVE%\*.* >
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2013/01/06 09:40:52 | 3220,074,496 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/10/05 01:24:18 | 000,000,349 | -H-- | M] () -- C:\IPH.PH
    [2012/12/05 14:35:13 | 000,000,356 | ---- | M] () -- C:\lxbf.log
    [2010/04/30 17:45:08 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2010/03/11 12:51:35 | 000,000,901 | ---- | M] () -- C:\net_save.dna
    [2013/01/06 09:41:05 | 4293,435,392 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
     
    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
     
    < %systemroot%\*. /mp /s >
     
    < %systemroot%\system32\*.dll /lockedfiles >
     
    < %systemroot%\Tasks\*.job /lockedfiles >
     
    < %systemroot%\system32\drivers\*.sys /lockedfiles >
     
    < %systemroot%\system32\*.exe /lockedfiles >
     
    < %systemroot%\System32\config\*.sav >
     
    < %PROGRAMFILES%\* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
     
    < %USERPROFILE%\..|smtmp;true;true;true /FP  >
     
    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
     
    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/30 22:55:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/30 22:55:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/30 22:55:34 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
     
    < hklm\software\clients\startmenuinternet|command /64 /rs >
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/12/04 20:15:17 | 001,242,728 | ---- | M] (Google Inc.)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/30 22:55:34 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/30 22:55:34 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/30 22:55:34 | 000,089,088 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
    64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/11/13 21:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
     
    < End of report >
     
     
  10. Offline
    Evol

    Evol Registered Members

    Joined:
    Jan 7, 2013
    Messages:
    39
    Location:
    USA
    Here is the Extras log.
     
     
    OTL Extras logfile created on: 1/8/2013 8:05:37 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Eddie\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    4.00 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 75.41% Memory free
    8.00 Gb Paging File | 6.07 Gb Available in Paging File | 75.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.41 Gb Total Space | 93.54 Gb Free Space | 10.04% Space Free | Partition Type: NTFS
    Drive D: | 338.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 14.43 Gb Total Space | 12.03 Gb Free Space | 83.37% Space Free | Partition Type: FAT32
    Drive F: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.34% Space Free | Partition Type: NTFS
    Drive H: | 465.76 Gb Total Space | 129.16 Gb Free Space | 27.73% Space Free | Partition Type: NTFS
     
    Computer Name: EDDIE-PC | User Name: Eddie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    ========== Shell Spawning ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== Firewall Settings ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03516C7E-4985-4AE1-817C-D2D6540696AE}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{05C2132A-D931-4C59-AC6B-978B49C2F118}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{09A1F1C5-8E92-48E9-8140-DC8224D84EBE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{0FFD00E7-7348-46BC-B55F-6F09DB125AE1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{11982BBE-571D-429C-B928-F5066A70ECBD}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{126B9FCD-C281-4C5D-A1E4-A16F0FD1BA73}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{16913356-54AA-4499-8265-42D037533A76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{391F3AD2-4581-4EFD-8CE1-0E8314985D53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{544FAF0D-CBB1-4FC7-999C-EC22C64C0537}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{5B515D8F-296B-4152-B52C-516E0D3794ED}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{63D53C88-6936-405E-9CD4-05B46B5647B6}" = lport=10243 | protocol=6 | dir=in | app=system | 
    "{662895D7-5D41-458A-8479-4876B35C5C11}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{66E60D1F-22C3-40AC-B202-365671361CAF}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{6E382A5D-71E2-4858-80DD-C5600D2A194C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{8045A7F1-286F-49D7-BDED-8A1541E8D4CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
    "{93E61EFD-045A-4C4F-9E87-5A557D5CAB54}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
    "{A1485832-D642-4EBE-883B-14FD47E46E7F}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{B3692B00-11CB-4206-B70E-699CF65D8770}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{CA57023C-DE81-49BB-8E1F-07EB946A7B53}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{CD333CD9-A4B7-45C6-A375-2290178C34FF}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{CFBBFC56-CE5C-4084-B023-CE6F7E500341}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{F228FF3E-23F9-4845-B270-C4AE979653ED}" = rport=10243 | protocol=6 | dir=out | app=system | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{07AEDD1E-57F0-4A1F-9E65-89769FEEC3F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{094B246C-14AC-41B4-8E8F-79AD7E75B8A9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
    "{0A305045-D777-4827-B2CE-75C14447874B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
    "{1E697A84-FAE3-444D-ADEB-3CA4C23AFDF0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{27A33BC9-38B0-486D-B72B-6E752C817FDF}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
    "{2AB081D9-ECF3-4832-A7EB-44FBB3F516C5}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
    "{3FD52543-5D3D-47A8-B024-D9D35B99A1F8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
    "{424E0181-CCFD-495C-960D-0F3DF18B1790}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{439D1AFA-2E78-43DA-9E5A-44B8C58DED04}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
    "{470663FB-8A11-44FA-A82E-CFD99B13B5F3}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
    "{4D3EA108-2A87-4E60-B580-33C775FE9221}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{4E7EA8DB-C031-494B-BBF4-6A06D42167FD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
    "{556175C4-10F3-4EAD-9DA9-DF7231BC644F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{637ED01A-440E-4DD1-9886-D47185EEA926}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
    "{65F21A03-5CF5-480C-96B8-DCBB19ED0ABB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{698B9D88-1690-4854-8179-95707C048186}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
    "{6AEEEEB7-EE99-4B70-B4A0-89407AB9B48A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{6F446ED3-E5C9-4494-82DA-9BC7BB409B3C}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
    "{7AA893EE-E459-48B9-9364-D8A7EE1A143F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
    "{8AE8FED5-D4D0-489A-A07F-CE5C93BC9525}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{8B674FEF-5078-4528-970E-88444BA5E1E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{8D2D6A25-D512-4EE9-8096-7FB59B9933CA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
    "{91582D95-199D-4191-877F-3AED1BE2F8B4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "{91A6BF20-F49B-473E-BC14-F01DDCAB6DF7}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "{93657B95-82E2-4A1F-8447-F4A3ABA18451}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe | 
    "{9E6BD410-4584-4884-BBFE-F49D4CCE2DA9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{A0B5831A-500F-44C6-B38A-452900486CCC}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "{A8090212-C594-4052-BD64-8187EC54E8E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{B74A08C0-8597-4DDC-B04B-FB82F67E57C3}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe | 
    "{B79AEA9B-81F4-42D1-92DF-DF0A61A6BEBD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
    "{B805FEF4-70A2-4E45-81E0-27856A118255}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{BB7AE9C2-6D0C-4666-96B3-0595F3946755}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | 
    "{BDE426AD-6FEF-4E23-872E-C2E3493A8C18}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
    "{BF6E2457-A2F7-4BE5-98CF-6A82E28ED28B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
    "{C36B0AF9-9CEC-4F3F-B3B6-93229738BF55}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 
    "{C77F5092-1FF6-446B-8F7F-39E3B0F08F28}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "{C9BCF4F8-01E4-4CD4-BBC8-124628A7D4CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{CA0DA48D-3EAB-4712-A1DB-EE4A1E402CE7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
    "{CB61C942-D07A-480B-9375-40648F331407}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
    "{CD943CF1-B4A6-4AC8-B65E-1CAF24C0B77E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
    "{CDD46EC3-C38B-4EA0-ACAC-6E56574C1844}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe | 
    "{D146D7EB-A151-4F49-B74D-61E2E7A043F7}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | 
    "{D6C1E3E9-4C5F-404E-AA8C-6876C4031F85}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{DAC6B2F5-D0F9-4399-BD4D-2F5729ED3A27}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "{DAEFE3C6-90A5-43D2-A46A-FD9E6720EB22}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
    "{DB08B0D6-EAFC-4AAC-A1FD-B29C0B05FB8A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 
    "{DDCFE4CD-17AD-4577-A6F2-BFABD6E085DD}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
    "{DE0B4DCF-E341-4877-9B97-192DAD6F6C69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
    "{DE49035E-2866-4B70-A39A-4C89F9235F5D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{E633558C-EB0B-4655-9B38-26C6A21F1EEC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
    "{E83D4D59-0977-49B1-968A-0AF42B3F4165}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
    "{EEC9BADE-5FF8-4EDD-B210-600A8127E316}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
    "{F68CC72A-9388-437A-ACFE-9EA3E4BC3D35}" = protocol=6 | dir=out | app=system | 
    "{F6B5AC84-F356-4804-8AEE-3CEBDF78905E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
    "TCP Query User{214209F1-AFF1-4A02-AAB4-A77148FB7499}C:\users\eddie\desktop\terran_demo_esrb_xvid.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\eddie\desktop\terran_demo_esrb_xvid.avi-downloader.exe | 
    "TCP Query User{2C6B8818-94F9-4DC1-821C-253E3FF8E2FB}C:\users\eddie\desktop\zerg_reveal_final_englishus2_xvid.avi-downloader.exe" = protocol=6 | dir=in | app=c:\users\eddie\desktop\zerg_reveal_final_englishus2_xvid.avi-downloader.exe | 
    "TCP Query User{4392D822-E947-438F-BA61-EEB37E351FEF}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
    "TCP Query User{48A9C544-154E-4A9E-8439-1FAF0BC8EF15}C:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\d1ooeke1\03-starcraft2_wwi_gameplay_demo_en-avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\d1ooeke1\03-starcraft2_wwi_gameplay_demo_en-avi-downloader[1].exe | 
    "TCP Query User{532BDBC7-7ECE-45E1-983E-23E24D8E0B36}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
    "TCP Query User{5A3C308C-53EB-4945-A015-B7067012A8FA}C:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe | 
    "TCP Query User{5CB8E632-B1C2-4E95-B692-E21B7FF20838}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
    "TCP Query User{631FD29E-266A-492C-AF9B-79FC3625B749}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
    "TCP Query User{635A43C0-9B20-4BBB-8F8F-337B2F14680C}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
    "TCP Query User{7064CC4D-025C-47CF-B820-0C26110E976E}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
    "TCP Query User{7A49CE94-97E6-49CE-B667-528BEF46372C}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
    "TCP Query User{7C15BA20-E55D-4A0A-9B9B-4670483E2111}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "TCP Query User{86B9A4CC-7D74-4566-9590-1CBD6C0F3B92}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
    "TCP Query User{87973382-07BF-4062-BB42-5B945CEB5DFA}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
    "TCP Query User{8E8B0CEB-944E-4163-B6AB-633927C577DD}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
    "TCP Query User{908DCF70-7C1D-4253-8D45-A797C30741F9}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
    "TCP Query User{92D67DF4-AC3C-44F5-8E5A-97440DCFAB9E}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
    "TCP Query User{993B6DC4-F041-40C2-BD58-908F0FB1180E}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
    "TCP Query User{9F2DADF1-3449-483E-B563-BB99EC699CA4}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
    "TCP Query User{C1AABDD8-6DC6-45F6-9B16-ACD4CA337061}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
    "TCP Query User{C3CCD5CE-67CF-4ED7-89C9-F0F7E482478B}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
    "TCP Query User{CDA14FFF-AF3A-459B-ABC5-5034A55D8D40}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe | 
    "TCP Query User{D592F1AF-0981-48D8-9E88-97E434B88700}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
    "TCP Query User{ED05BBDE-EBAA-4038-986C-C1D4698A2B9C}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | 
    "TCP Query User{F7B1C5B5-0BAF-4B25-9338-F1BBB437EB05}C:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\terran_demo_esrb_xvid.avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\terran_demo_esrb_xvid.avi-downloader[1].exe | 
    "TCP Query User{FA2EF508-A590-4109-8301-AF3851A45CBC}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
    "UDP Query User{0B12A289-EBBD-4EDF-9249-B85A40B05B5A}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2103-enus-tools-downloader.exe | 
    "UDP Query User{0F86DAF5-D91E-4A8B-BC98-F441A5CAF41A}C:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\d1ooeke1\03-starcraft2_wwi_gameplay_demo_en-avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\d1ooeke1\03-starcraft2_wwi_gameplay_demo_en-avi-downloader[1].exe | 
    "UDP Query User{1882BE65-F485-41F4-BC2F-ACBDD3C92017}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe | 
    "UDP Query User{1940A86F-6138-4844-B8AB-2EFA66A41560}C:\users\eddie\desktop\zerg_reveal_final_englishus2_xvid.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\eddie\desktop\zerg_reveal_final_englishus2_xvid.avi-downloader.exe | 
    "UDP Query User{347E0E1B-911A-4C5B-B4A5-E007C3984BED}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.1807-to-4.0.0.2072-enus-tools-downloader.exe | 
    "UDP Query User{4BA78E62-E824-46A2-971F-F055D579F41E}C:\program files (x86)\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16605\sc2.exe | 
    "UDP Query User{4BF04E79-C0BD-4592-9D5D-A42B8DDF76C3}C:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
    "UDP Query User{4C0D5908-B423-411D-9DC7-BF1F77B8CE21}C:\program files (x86)\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe | 
    "UDP Query User{4CCAA9B5-E350-4A27-ACAF-5E541732831F}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
    "UDP Query User{4E1F50F7-8245-4014-B3D8-67FD27A991FB}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe | 
    "UDP Query User{52CB2B6A-3E61-479D-A44F-ED8E788925C5}C:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
    "UDP Query User{7235435D-856E-458E-8663-D810022321DA}C:\program files (x86)\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base18574\sc2.exe | 
    "UDP Query User{889C25AF-5938-45D1-A557-162B0C0AF9D3}C:\program files (x86)\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16561\sc2.exe | 
    "UDP Query User{8F25234E-C955-48BD-A7D8-54582C6BA362}C:\program files (x86)\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19679\sc2.exe | 
    "UDP Query User{91E641AC-3D88-4C2E-AB2B-07A84B8EF230}C:\users\eddie\desktop\terran_demo_esrb_xvid.avi-downloader.exe" = protocol=17 | dir=in | app=c:\users\eddie\desktop\terran_demo_esrb_xvid.avi-downloader.exe | 
    "UDP Query User{9B00735D-DEEB-44DD-8C1B-0043B4E2D280}C:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\terran_demo_esrb_xvid.avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\terran_demo_esrb_xvid.avi-downloader[1].exe | 
    "UDP Query User{A1918276-B001-4E31-BED8-B486BDE76B1C}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
    "UDP Query User{B35CF04C-4920-43CC-B580-1FF936834531}C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe | 
    "UDP Query User{B3BD1100-9E76-4AD6-92E6-EF5179CF1DFE}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe | 
    "UDP Query User{B6F7BDC5-F7BB-407B-8229-0ABF92C99A21}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
    "UDP Query User{C06C210E-BF94-484B-B4D1-C76AB13B7BE6}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
    "UDP Query User{C5BB74D9-7078-499A-8D5D-B17F66FF0D40}C:\program files (x86)\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16939\sc2.exe | 
    "UDP Query User{D995AB4C-67FD-46C5-AE95-C564345C043B}C:\program files (x86)\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base19132\sc2.exe | 
    "UDP Query User{ED3B6905-E348-44B3-A3AB-B7AE7F0209C4}C:\program files (x86)\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base16755\sc2.exe | 
    "UDP Query User{EDFD8580-4B6F-47DE-AAB2-FD04B5ED4EEB}C:\program files (x86)\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\blizzard downloader.exe | 
    "UDP Query User{F8935DEE-9DAD-4BAF-8FFA-B78B09901E97}C:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\eddie\appdata\local\microsoft\windows\temporary internet files\content.ie5\q1qqx57n\1280_starcraft2gameplayvideo_englishus2-avi-downloader[1].exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "VN_VUIns_WETU_VIA" = VIA Technologies USB Wireless LAN Adapter
    "WinRAR archiver" = WinRAR archiver
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{118C3943-1683-42EF-824D-C22E70DB42E7}" = Comcast Desktop Software (v1.2.1)
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.24
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "avast" = avast! Free Antivirus
    "BitTorrent" = BitTorrent
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "FLV Player" = FLV Player 2.0 (build 25)
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "HTC_WModemDriver" = WModem Driver Installer
    "Lords of the Realm2" = Lords of the Realm2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PokerStars.net" = PokerStars.net
    "Revo Uninstaller" = Revo Uninstaller 1.94
    "StarCraft" = StarCraft
    "StarCraft II" = StarCraft II
    "Verizon V CAST Media Manager" = Verizon V CAST Media Manager
    "Warcraft II BNE" = Warcraft II BNE
    "World of Warcraft" = World of Warcraft
     
    ========== HKEY_CURRENT_USER Uninstall List ==========
     
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 1/6/2013 11:05:07 AM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0x56c  Faulting application start time: 0x01cdec1ecb0569a0  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 74aed270-5812-11e2-8f35-00044b160d19
     
    Error - 1/6/2013 11:05:10 AM | Computer Name = Eddie-PC | Source = MsiInstaller | ID = 10005
    Description = 
     
    Error - 1/6/2013 11:05:21 AM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0xdbc  Faulting application start time: 0x01cdec1f38a40110  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 7cd35340-5812-11e2-8f35-00044b160d19
     
    Error - 1/7/2013 7:07:49 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0x1370  Faulting application start time: 0x01cded2b7ae447d0  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 0e16f520-591f-11e2-8f35-00044b160d19
     
    Error - 1/7/2013 7:07:52 PM | Computer Name = Eddie-PC | Source = MsiInstaller | ID = 10005
    Description = 
     
    Error - 1/7/2013 7:08:00 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0x1160  Faulting application start time: 0x01cded2bd1cfde10  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 149e8ed0-591f-11e2-8f35-00044b160d19
     
    Error - 1/7/2013 7:08:37 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0x6e0  Faulting application start time: 0x01cded2bd9c44e30  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 2a323d50-591f-11e2-8f35-00044b160d19
     
    Error - 1/7/2013 7:08:39 PM | Computer Name = Eddie-PC | Source = MsiInstaller | ID = 10005
    Description = 
     
    Error - 1/7/2013 7:08:50 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0x1158  Faulting application start time: 0x01cded2bee1b0fe0  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 323e2d10-591f-11e2-8f35-00044b160d19
     
    Error - 1/7/2013 7:10:59 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
     stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
     stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
     process id: 0x780  Faulting application start time: 0x01cded2bfc28a070  Faulting application
     path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
    Report
     Id: 7f0ad210-591f-11e2-8f35-00044b160d19
     
    [ Media Center Events ]
    Error - 6/28/2010 11:39:51 PM | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
    Description = 11:39:51 PM - Failed to retrieve Directory (Error: Unable to connect
     to the remote server)  
     
    Error - 6/28/2010 11:40:34 PM | Computer Name = Eddie-PC | Source = MCUpdate | ID = 0
    Description = 11:40:33 PM - Failed to retrieve NetTV (Error: Unable to connect to
     the remote server)  
     
    [ OSession Events ]
    Error - 8/18/2010 10:35:07 PM | Computer Name = Eddie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
     12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    Error - 11/16/2010 5:38:44 PM | Computer Name = Eddie-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
     12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3334
     seconds with 0 seconds of active time.  This session ended with a crash.
     
    [ System Events ]
    Error - 1/6/2013 11:01:52 AM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     4 time(s).
     
    Error - 1/6/2013 11:02:03 AM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     5 time(s).
     
    Error - 1/6/2013 11:05:10 AM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     6 time(s).
     
    Error - 1/6/2013 11:05:23 AM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     7 time(s).
     
    Error - 1/7/2013 7:07:52 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     1 time(s).  The following corrective action will be taken in 60000 milliseconds:
     Restart the service.
     
    Error - 1/7/2013 7:08:03 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7031
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     2 time(s).  The following corrective action will be taken in 60000 milliseconds:
     Restart the service.
     
    Error - 1/7/2013 7:08:39 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     3 time(s).
     
    Error - 1/7/2013 7:08:52 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
     the service) after the unexpected termination of the Print Spooler service, but
     this action failed with the following error:   %%1056
     
    Error - 1/7/2013 7:08:53 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     4 time(s).
     
    Error - 1/7/2013 7:11:01 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7034
    Description = The Print Spooler service terminated unexpectedly.  It has done this
     5 time(s).
     
     
    < End of report >
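Added example, not part of the original posts or of OTL: a small parser for the "Last 20 Event Log Errors" layout shown in the report above. It re-joins the wrapped Description lines, counts Application Error events by faulting application, module and exception code, and pairs each crash with the Service Control Manager event logged within a few seconds of it. The function names and the 5-second window are assumptions; SAMPLE is an excerpt copied from the report.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt copied from the report above and trimmed so the example runs offline.
SAMPLE = r"""[ Application Events ]
Error - 1/7/2013 7:07:49 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
 stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
 stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
 process id: 0x1370  Faulting application start time: 0x01cded2b7ae447d0  Faulting application
 path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: 0e16f520-591f-11e2-8f35-00044b160d19

Error - 1/7/2013 7:07:52 PM | Computer Name = Eddie-PC | Source = MsiInstaller | ID = 10005
Description =

Error - 1/7/2013 7:08:00 PM | Computer Name = Eddie-PC | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
 stamp: 0x4f35fc1d  Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time
 stamp: 0x4eeb033f  Exception code: 0x40000015  Fault offset: 0x000000000002a84e  Faulting
 process id: 0x1160  Faulting application start time: 0x01cded2bd1cfde10  Faulting application
 path: C:\Windows\System32\spoolsv.exe  Faulting module path: C:\Windows\system32\msvcrt.dll
Report
 Id: 149e8ed0-591f-11e2-8f35-00044b160d19

[ System Events ]
Error - 1/7/2013 7:07:52 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.

Error - 1/7/2013 7:08:03 PM | Computer Name = Eddie-PC | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly.  It has done this
 2 time(s).  The following corrective action will be taken in 60000 milliseconds:
 Restart the service.
"""

SECTION = re.compile(r"^\[ (?P<name>.+?) \]$")
HEADER = re.compile(
    r"^Error - (?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) \| Computer Name = [^|]+? "
    r"\| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
# Exception code 0x40000015 is the NTSTATUS value STATUS_FATAL_APP_EXIT.
FAULT = re.compile(
    r"Faulting application name: (?P<app>[^,]+),.*?"
    r"Faulting module name: (?P<module>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+)")
SERVICE = re.compile(r"The (.+?) service terminated unexpectedly")


def parse_events(text):
    """Return one dict per event, with wrapped Description lines re-joined."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        sec, head = SECTION.match(line), HEADER.match(line)
        if sec:
            section, current = sec["name"], None
        elif head:
            current = {"log": section, "source": head["source"], "id": int(head["id"]),
                       "when": datetime.strptime(head["when"], "%m/%d/%Y %I:%M:%S %p"),
                       "text": ""}
            events.append(current)
        elif not line:
            current = None                      # a blank line closes the event
        elif current is not None:
            if line.startswith("Description ="):
                line = line[len("Description ="):].strip()
            current["text"] = (current["text"] + " " + line).strip()
    return events


def crashes(events):
    """Yield (event, regex match) for every Application Error / ID 1000 entry."""
    for ev in events:
        m = FAULT.search(ev["text"])
        if ev["source"] == "Application Error" and ev["id"] == 1000 and m:
            yield ev, m


def crash_summary(events):
    """Count crashes per (application, faulting module, exception code)."""
    return Counter((m["app"].lower(), m["module"].lower(), m["code"].lower())
                   for _, m in crashes(events))


def correlate(events, window=timedelta(seconds=5)):
    """Pair each crash with SCM 7031/7034 events logged up to `window` after it."""
    scm = [e for e in events
           if e["source"] == "Service Control Manager" and e["id"] in (7031, 7034)]
    pairs = []
    for ev, m in crashes(events):
        for s in scm:
            if timedelta(0) <= s["when"] - ev["when"] <= window:
                svc = SERVICE.search(s["text"])
                pairs.append((m["app"], svc[1] if svc else None, s["id"]))
    return pairs


if __name__ == "__main__":
    evs = parse_events(SAMPLE)
    for key, n in crash_summary(evs).items():
        print(n, *key)
    for pair in correlate(evs):
        print(pair)
```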
     
  11. Offline
    Evol

    Evol Registered Members

    Joined:
    Jan 7, 2013
    Messages:
    39
    Location:
    USA
    Here is the MBAM log and the aswMBR results as well.  Thanks in advance!
     
     
    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org
     
    Database version: v2013.01.08.06
     
    Windows XP Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Eddie :: EDDIE-PC [administrator]
     
    1/8/2013 6:34:09 AM
    mbam-log-2013-01-08 (06-34-09).txt
     
    Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 566826
    Time elapsed: 55 minute(s), 2 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 0
    (No malicious items detected)
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 0
    (No malicious items detected)
     
    Files Detected: 0
    (No malicious items detected)
     
    (end)
     
     

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-08 08:22:03
    -----------------------------
    08:22:03.855    OS (Operating System) Version: Windows x64 6.1.7601 Service Pack 1
    08:22:03.870    Number of processors: 2 586 0x170A
    08:22:03.870    ComputerName: EDDIE-PC  UserName: Eddie
    08:22:05.852    Initialze error C0000034 - driver not loaded
    08:22:09.986    AVAST engine defs: 13010701
    08:23:08.573    Service scanning
    08:23:24.064    Modules scanning
    08:23:24.064    Disk 0 trace - called modules:
    08:23:24.064    
    08:23:25.592    AVAST engine scan C:\Windows
    08:23:27.823    AVAST engine scan C:\Windows\system32
    08:24:57.024    AVAST engine scan C:\Windows\system32\drivers
    08:25:05.276    AVAST engine scan C:\Users\Eddie
    08:29:15.485    AVAST engine scan C:\ProgramData
    08:34:07.423    Scan finished successfully
    08:35:13.868    The log file has been saved successfully to "C:\Users\Eddie\Desktop\aswMBR.txt"
     
     

     
  12. Offline
    DSTM (Dougie)

    DSTM (Dougie) ADMINISTRATOR Administrator

    Joined:
    May 3, 2009
    Messages:
    5,792
    Location:
    SYDNEY AUSTRALIA
    That's excellent. Please be patient for Starbuck.
    That makes it so much quicker to already have those logs. :up:
  13. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - MODERATOR Moderator

    Joined:
    Sep 26, 2009
    Messages:
    1,719
    Location:
    Midlands, UK
    @DSTM ... thanks for passing on my message.

    Hi Evol

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

    If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


    I see you installed Erunt today.
    Did you see this note on the Prep guide page:
    So because Erunt is in the startup section of the OTL report..... you may get an error about Erunt when starting your system.


    Step 1
    Double click on OTL to run it.
    Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)
    Code:
     
    :otl
    PRC - C:\Users\Eddie\AppData\Local\Temp\utt7D3C.tmp.exe (BitTorrent, Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{26984b07-0835-11df-ad1a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{26984b07-0835-11df-ad1a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011/09/09 16:45:49 | 000,318,312 | R--- | M] (Hewlett-Packard Co.)
    MsConfig:64bit - StartUpFolder: C:^Users^Eddie^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Officejet Pro 8600.lnk - C:\Windows\SysNative\RunDll32.exe - (Microsoft Corporation)
    [2013/01/08 06:32:29 | 000,000,000 | ---D | M] -- C:\Users\Eddie\AppData\Roaming\BitTorrent
    
    :Files
    C:\Windows\Hewlett-Packard
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]
     
    Return to OTL,
    right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    Click the red Run Fix button.

    OTL will reboot your system once the fix has completed.
    After the reboot, you may need to double click OTL to launch the program and retrieve the log.
    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    Download the latest version of Java Runtime Environment (JRE) 7 Update 10 (http://java.sun.com/javase/downloads/index.jsp) and save it to your desktop.
    Scroll down to where it says "Java SE 7 Update 10".
    Click the "Download JRE" button to the right.
    Accept the license agreement.
    Select 'Windows x64' from the list.
    Save the file to your desktop.
    Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (http://www.bleepingcomputer.com/forums/topic42133.html) and remove all older versions of Java.
    Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-7u10-windows-i586-p.exe to install the newest version.

    In your next reply, please submit:
    Otl fix report


    Thanks.
  14. Offline
    Evol

    Evol Registered Members

    Joined:
    Jan 7, 2013
    Messages:
    39
    Location:
    USA
    I responded a few hours ago, came back to check on the thread and my post is gone, and this entire site looks like it just underwent a remodel or something.... weird. Also, your links have disappeared and are showing up like this: < a href="http://java.sun.com/javase/downloads/index.jsp < span style="color:#0000FF; Java Runtime Environment (JRE) 7 Update 10< /a>. Not sure if this is a problem on my end or not, but everything was fine a few hours ago. OK, so let me try this again. First, I read the Erunt note and ran the program per the instructions. You are right, upon restarting my comp after the OTL scan it did give me an error message. Should I remove it from my startup section?

    As far as Java is concerned there are two "Windows x64" files to choose from. One is "jre-7u10-windows-x64.exe" and the other is "jre-7u10-windows-x64.tar.gz". I assume it's the first one but I'll wait for you to respond before I update Java. Also, there are no files called "jre-7u10-windows-i586-p.exe" available to download. There are a few files with "i586" in the name, but they are for Windows x86 or other operating systems.

    Just a quick update on the C++ error message. As soon as my system rebooted after the OTL scan I received the C++ error message. It then popped up 2 more times over the next couple of minutes.

    Here is the OTL fix report:
    All processes killed
    ========== OTL ==========
    No active process named utt7D3C.tmp.exe was found!
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26984b07-0835-11df-ad1a-806e6f6e6963}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26984b07-0835-11df-ad1a-806e6f6e6963}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26984b07-0835-11df-ad1a-806e6f6e6963}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26984b07-0835-11df-ad1a-806e6f6e6963}\ not found.
    File move failed. D:\Setup.exe scheduled to be moved on reboot.
    C:\Users\Eddie\AppData\Roaming\BitTorrent\dlimagecache folder moved successfully.
    C:\Users\Eddie\AppData\Roaming\BitTorrent\apps folder moved successfully.
    C:\Users\Eddie\AppData\Roaming\BitTorrent folder moved successfully.
    ========== FILES ==========
    C:\Windows\Hewlett-Packard\Setup Files\HP Software Update\{83B34002-FCA8-4E3A-94E9-48B0A0D9C418} folder moved successfully.
    C:\Windows\Hewlett-Packard\Setup Files\HP Software Update folder moved successfully.
    C:\Windows\Hewlett-Packard\Setup Files folder moved successfully.
    C:\Windows\Hewlett-Packard folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Eddie\Desktop\cmd.bat deleted successfully.
    C:\Users\Eddie\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Eddie
    ->Temp folder emptied: 22782229 bytes
    ->Temporary Internet Files folder emptied: 2935371 bytes
    ->Java cache emptied: 4049387 bytes
    ->Google Chrome cache emptied: 281690539 bytes
    ->Flash cache emptied: 613 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2356938 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84860 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 299.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.69.0 log created on 01082013_191308

    Files\Folders moved on Reboot...
    File move failed. D:\Setup.exe scheduled to be moved on reboot.
    C:\Users\Eddie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  15. Offline
    DSTM (Dougie)

    DSTM (Dougie) ADMINISTRATOR Administrator

    Joined:
    May 3, 2009
    Messages:
    5,792
    Location:
    SYDNEY AUSTRALIA
    Hi Evol. The site is undergoing a major change. Things will be back to normal as soon as possible.
  16. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - MODERATOR Moderator

    Joined:
    Sep 26, 2009
    Messages:
    1,719
    Location:
    Midlands, UK
    Hi Evol,

    Thanks for pointing that out.
    Seems they have changed the download page.
    Yes it's the jre-7u10-windows-x64.exe that you require.

    This only refers to the downloaded icon that will appear on your desktop.
    Just click on the icon that appears.

    Just going back over some of your previous posts....

    Did the problem still exist when performing the 'Clean Boot'?
    If not, did you re-enable everything one item at a time to see which may have been causing the problem?

    That link is for the 32bit version.
    You have a 64bit operating system, so you will need this page:

    http://www.microsoft.com/en-us/download/details.aspx?id=13523
  17. Offline
    Evol

    Evol Registered Members

    Joined:
    Jan 7, 2013
    Messages:
    39
    Location:
    USA
    Ok Starbuck, I updated Java and installed the correct Microsoft Visual C++ Redistributable Package. I then did a restart just to see if having the right C++ package would fix the problem, but I'm still getting the error message.

    As far as the 'Clean Boot' goes, here's what I did. First, I opened 'msconfig' and under the 'services' tab I clicked on the box 'Hide all Microsoft Services'. This only left 8 items but I unchecked all of them and did a restart. The error message still occurred on restart. Next, I decided to start un-checking the Microsoft Services to see if I could isolate it that way. I noticed one called 'Interactive Services Detection', which is what the error message window says at the top so I decided to only un-check that one and see what happened. Well, this stopped the error message from showing up, but I still couldn't install my printer. I'm assuming this is because I had simply disabled the service that told me there was a problem and didn't actually disable the service that was causing the problem. Am I correct in that line of thinking? Or is 'Interactive Services Detection' even a legitimate Microsoft service? I've never seen any kind of error from it until now. But anyway that's what I did. So in the end I never actually disabled ALL of the Microsoft services. I was a little hesitant because I was under the impression it could crash the system. Hope this helped!
  18. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - MODERATOR Moderator

    Joined:
    Sep 26, 2009
    Messages:
    1,719
    Location:
    Midlands, UK
    Hi Evol,

    Yes, the 'Interactive Services Detection' is a legit Microsoft service.
    Basically it lets you know if there are problems with the system.
    It can be disabled.... If you disable this service, you will no longer receive the notification for the problem service. Also, you will not receive notification for any misbehaving service on your system.
    There is more information here, if you want to read it:
    http://blogs.msdn.com/b/patricka/ar...eshooting-interactive-services-detection.aspx
    This isn't really within my field, but I will have a look around and see if I can find out any more information for you.
    As far as trying to reinstall the printer.....
    I did find some printer entries still in the OTL report.
    Also there was an entry which had been stopped using MSCONFIG.
    These may have contributed to you not being able to reinstall the software.
    Also the HP folder was still on your system:
    Those entries have since been removed with the Otl fix.
    It may be worth trying the reinstall again.
    There's no guarantee it will work..... but we have nothing to lose.
    Just check that the software/drivers you install are 64bit compatible.

    Btw:
    Just an afterthought.
    Do you have the Win7 operating disc?
    If so, we could run a System File Check.
    If SFC discovers that a critical system file has been damaged, altered or is missing, it restores the correct version.
    Just to make sure that the Interactive Services Detection has no errors.
  19. Offline
    Evol

    Evol Registered Members

    Joined:
    Jan 7, 2013
    Messages:
    39
    Location:
    USA
    This computer was a custom build by a friend of mine back in 2008. He put Windows 7 Beta on it to begin with, and once the real version of Windows 7 was available I bought and downloaded it. So I'm pretty sure I never had a win7 operating disc.

    So basically disabling the service won't really fix the problem. I guess I'll try to reinstall the printer, but if the error message prevents me from doing so I will disable 'Interactive Services Detection' and try to install again. It didn't work last time I tried that, but now that OTL has removed the rest of the HP files, maybe it will. I'll post my results.

    At this point do you still believe this is a Malware issue? I ask because I've never had a problem with Malware on this comp, learned my lesson in the past. Yes, I have BitTorrent installed but I'm smart about how I use it and don't just go downloading everything from everyone on the web (By the way, per your request, I have not used it since you started helping me). Just curious if you think it's malware related or if it's related to the HP software or something else. Thanks!
  20. Offline
    starbuck

    starbuck MALWARE REMOVAL SPECIALIST - MODERATOR Moderator

    Joined:
    Sep 26, 2009
    Messages:
    1,719
    Location:
    Midlands, UK
    Hi Evol

    It may... but the downside is that you won't get any notifications of any system problems.
    So it's a very last resort measure.
    No, I'm not convinced it's a malware issue now.
    The type of FBI malware you originally had has been removed.
    I've cleaned this malware from a number of systems and have never seen this type of error before.
    So I don't think it's related.
    I have found a lot of posts on the 'net' about people with the same type of problem.... but no definite answers.
    Also quite a few people posting with this problem after installing HP software.
    Have you asked HP about the problem?

    Although I'm not convinced that it's malware related, I'm quite prepared to dig deeper with other programs we have just to make absolutely sure.
    It's entirely up to you.

    To answer this earlier question:
    Removing Erunt from the startup folder isn't that straightforward.
    You are best to remove the program from your system and install a fresh copy.
    This tutorial I wrote will explain how to install Erunt without adding it to the startup folder.
    http://www.smokey-services.eu/forums/index.php/topic,33663.msg60592.html#msg60592