JHUD

Members

View Profile See their activity

Posts
7
Joined
June 21, 2012
Last visited
June 26, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by JHUD

Dropper.BCMINER cannot be removed:

JHUD replied to JHUD's topic in Resolved Malware Removal Logs

My apologies. Step two re-accomplished: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.25.10 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Hud :: HUD-HP [administrator] 6/25/2012 4:59:27 PM mbam-log-2012-06-25 (16-59-27).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 224793 Time elapsed: 1 minute(s), 33 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Dropper.BCMINER cannot be removed:

JHUD replied to JHUD's topic in Resolved Malware Removal Logs

Done. AVG Shield is still popping up with dropper warning. Here are the logs again: All processes killed ========== OTL ========== 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. Registry key HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found. Registry value HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@ not found. File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ not found. File C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ not found. ========== FILES ========== C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U folder moved successfully. C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89} folder moved successfully. C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U folder moved successfully. C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L folder moved successfully. C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Hud\Desktop\cmd.bat deleted successfully. C:\Users\Hud\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 41620 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Hud ->Temp folder emptied: 2444171 bytes ->Temporary Internet Files folder emptied: 227652975 bytes ->Java cache emptied: 11937648 bytes ->FireFox cache emptied: 63243462 bytes ->Flash cache emptied: 42126 bytes User: Public User: Renee ->Temp folder emptied: 302170741 bytes ->Temporary Internet Files folder emptied: 67651920 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 244736992 bytes ->Flash cache emptied: 100173 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 107552 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 50605 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 5293332 bytes Total Files Cleaned = 883.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.51.0 log created on 06252012_143021 Files\Folders moved on Reboot... C:\Users\Hud\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.20.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Hud :: HUD-HP [administrator] 6/25/2012 2:37:56 PM mbam-log-2012-06-25 (14-37-56).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 223861 Time elapsed: 2 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Dropper.BCMINER cannot be removed:

JHUD replied to JHUD's topic in Resolved Malware Removal Logs

Maniac, I was finally able to get back to this site. The redirects were preventing me from doing so until now. Here are the logs: All processes killed Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFO3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.[2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@[2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windo> in the current context! Error: Unable to interpret <ws\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@[2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@:filesC:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}C:\Users\Hud\AppData\Local\{867c9da7> in the current context! Error: Unable to interpret <-cc7e-73cf-70e4-e539ad2b5b89}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context! OTL by OldTimer - Version 3.2.51.0 log created on 06252012_120002 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.20.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Hud :: HUD-HP [administrator] 6/25/2012 1:19:33 PM mbam-log-2012-06-25 (13-19-33).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 228052 Time elapsed: 2 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
Dropper.BCMINER cannot be removed:

JHUD replied to JHUD's topic in Resolved Malware Removal Logs

Maniac, Here are the corrected logs. Thanks again for your assistance! TL logfile created on: 6/22/2012 9:09:49 AM - Run 1 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Hud\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 67.69% Memory free 7.50 Gb Paging File | 6.15 Gb Available in Paging File | 81.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.16 Gb Total Space | 866.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/22 09:08:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe PRC - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe PRC - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe PRC - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe ========== Modules (No Company Name) ========== MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012/06/20 15:04:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2010/12/09 19:36:19 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/12/09 19:36:19 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/09/02 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/08/13 05:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/08/13 05:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010/07/21 19:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com" FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:13:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 13:42:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 11:10:56 | 000,000,000 | ---D | M] [2011/02/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Extensions [2012/06/21 08:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\extensions [2011/02/28 18:21:11 | 000,001,834 | ---- | M] () -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\searchplugins\bing.xml [2012/01/29 14:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/02/02 10:13:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4 [2012/03/08 13:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/07/13 13:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2012/01/12 11:10:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/07/13 13:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/03/08 13:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/08 13:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found. O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75}: DhcpNameServer = 192.168.227.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell - "" = AutoRun O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell\AutoRun\command - "" = K:\setup.exe -a O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell - "" = AutoRun O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/22 09:08:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe [2012/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/06/20 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/06/19 08:45:45 | 000,000,000 | ---D | C] -- C:\Windows\en [2012/06/19 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012/06/18 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hud\Documents\Moyea [2012/06/18 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hud\AppData\Roaming\Moyea [2012/06/18 18:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/22 09:12:26 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/22 09:12:25 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/22 09:08:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe [2012/06/22 09:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/22 09:04:24 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys [2012/06/21 23:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/21 10:17:24 | 100,611,477 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/06/18 17:58:04 | 000,392,412 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/17 21:18:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/17 21:18:16 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/17 21:18:16 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/04 14:22:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHud.job [2012/06/04 13:59:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenee.job [2012/06/01 02:07:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUD-HP$.job [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ [2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@ [2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@ [2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@ [2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@ [2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@ [2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@ [2012/06/16 17:05:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ [2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ [2012/03/12 21:46:13 | 000,004,608 | ---- | C] () -- C:\Users\Hud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/22 13:35:21 | 000,013,902 | ---- | C] () -- C:\Windows\scunin.dat [2012/01/12 11:12:25 | 000,000,042 | ---- | C] () -- C:\Users\Hud\jagex_cl_runescape_LIVE.dat [2012/01/12 11:12:25 | 000,000,024 | ---- | C] () -- C:\Users\Hud\random.dat [2010/12/09 19:38:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/12/09 18:56:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2010/12/09 18:42:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL ========== LOP Check ========== [2012/01/22 14:51:17 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Ascaron Entertainment [2011/03/02 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\AVG10 [2011/02/27 17:20:30 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Blio [2011/03/06 11:41:55 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\CometPlayer [2011/02/27 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\GrabPro [2012/06/20 23:12:29 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\IrfanView [2012/06/18 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Moyea [2012/06/21 08:21:19 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Orbit [2011/02/27 17:11:21 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\PictureMover [2011/02/27 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\ProgSense [2011/02/27 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\tigerplayer [2011/12/05 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\WinBatch [2011/03/26 07:13:31 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\AVG10 [2012/03/14 12:16:38 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Flip Video [2012/06/20 23:12:28 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\IrfanView [2012/01/12 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Orbit [2011/02/27 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\PictureMover [2011/02/28 11:33:11 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\ProgSense [2011/02/27 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\TigerPlayer [2011/02/28 11:34:57 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\WildTangent [2011/07/26 07:35:32 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Windows Live Writer [2012/06/15 07:51:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 6/22/2012 9:09:49 AM - Run 1 OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Hud\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 67.69% Memory free 7.50 Gb Paging File | 6.15 Gb Available in Paging File | 81.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.16 Gb Total Space | 866.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011 "{64E6D73F-707A-4817-8C2F-5BA9CB4B9CD8}" = AVG 2011 "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "AVG" = AVG 2011 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29 "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4 "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ESET Online Scanner" = ESET Online Scanner v3 "eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406 "EXCEL" = Microsoft Office Excel 2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "IrfanView" = IrfanView (remove only) "Kobo" = Kobo "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US) "MpcStar" = MpcStar 5.0 "My HP Game Console" = HP Game Console "PDF Complete" = PDF Complete Special Edition "Starcraft" = Starcraft "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WORD" = Microsoft Office Word 2007 "WT087328" = Blackhawk Striker 2 "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087343" = Dora's World Adventure "WT087360" = Escape Rosecliff Island "WT087361" = FATE "WT087362" = Final Drive Nitro "WT087372" = Heroes of Hellas 2 - Olympia "WT087379" = Jewel Quest Solitaire 2 "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087414" = Virtual Families "WT087415" = Wheel of Fortune 2 "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087501" = Plants vs. Zombies "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "WT089299" = Mystery P.I. - The London Caper "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HuluDesktop" = Hulu Desktop ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 4/15/2012 4:41:15 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 5:08:31 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/21/2012 3:20:36 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/24/2012 1:51:18 AM | Computer Name = Hud-HP | Source = EventSystem | ID = 4621 Description = Error - 5/9/2012 4:38:02 PM | Computer Name = Hud-HP | Source = Application Error | ID = 1000 Description = Faulting application name: wlmail.exe, version: 15.4.3502.922, time stamp: 0x4c9b06aa Faulting module name: wlupdate.15.4.120.0.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f59675f Exception code: 0xc0000005 Fault offset: 0x63cdcfa2 Faulting process id: 0x1200 Faulting application start time: 0x01cd2e233dc2af51 Faulting application path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe Faulting module path: wlupdate.15.4.120.0.dll Report Id: def040c2-9a16-11e1-b62b-6431501fe695 Error - 6/4/2012 6:10:13 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 6/4/2012 6:10:20 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 6/4/2012 6:32:22 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 6/4/2012 6:32:27 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 6/4/2012 6:32:29 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 6/4/2012 6:54:48 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = [ System Events ] Error - 6/11/2012 2:42:29 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/12/2012 12:25:28 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/12/2012 12:25:32 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/13/2012 11:45:41 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/13/2012 11:45:42 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 11:44:53 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 11:44:55 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 3:40:20 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 6:11:01 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/15/2012 12:59:37 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. < End of report >
Dropper.BCMINER cannot be removed:

JHUD replied to JHUD's topic in Resolved Malware Removal Logs

Thanks for the response! I will post the logs: OTL logfile created on: 6/21/2012 9:42:07 AM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Hud\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 74.13% Memory free 7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.16 Gb Total Space | 864.57 Gb Free Space | 94.16% Space Free | Partition Type: NTFS Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/21 09:36:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe PRC - [2012/01/08 13:05:33 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Users\Hud\Desktop\iexplore.exe PRC - [2009/07/13 17:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE ========== Modules (No Company Name) ========== MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc) SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012/06/20 15:04:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer) SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service) SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH) DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2010/12/09 19:36:19 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/12/09 19:36:19 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/09/02 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/08/13 05:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/08/13 05:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010/07/21 19:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1 IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com" FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374 FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:13:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 13:42:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 11:10:56 | 000,000,000 | ---D | M] [2011/02/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Extensions [2012/06/21 08:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\extensions [2011/02/28 18:21:11 | 000,001,834 | ---- | M] () -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\searchplugins\bing.xml [2012/01/29 14:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/02/02 10:13:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4 [2012/03/08 13:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/07/13 13:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2012/01/12 11:10:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/07/13 13:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/03/08 13:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/08 13:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [DeleteGrabPro] C:\Windows\SysWow64\advpack.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75}: DhcpNameServer = 192.168.227.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell - "" = AutoRun O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell\AutoRun\command - "" = K:\setup.exe -a O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell - "" = AutoRun O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/21 09:36:39 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe [2012/06/21 09:28:32 | 004,563,474 | ---- | C] (Swearware) -- C:\Users\Hud\Desktop\ComboFix.exe [2012/06/21 08:39:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hud\Desktop\dds.scr [2012/06/21 03:03:49 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/06/21 03:03:49 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/06/21 03:03:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/06/21 03:03:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll [2012/06/21 03:03:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll [2012/06/21 03:03:27 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys [2012/06/20 21:27:47 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll [2012/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/06/20 19:19:00 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hud\Desktop\tdsskiller.exe [2012/06/20 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/06/19 08:45:45 | 000,000,000 | ---D | C] -- C:\Windows\en [2012/06/19 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012/06/18 19:44:39 | 000,748,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Hud\Desktop\iexplore.exe [2012/06/18 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hud\Documents\Moyea [2012/06/18 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hud\AppData\Roaming\Moyea [2012/06/18 18:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/21 09:36:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe [2012/06/21 09:30:42 | 004,563,474 | ---- | M] (Swearware) -- C:\Users\Hud\Desktop\ComboFix.exe [2012/06/21 08:40:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hud\Desktop\dds.scr [2012/06/21 08:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/21 08:30:05 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys [2012/06/21 08:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/21 03:17:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/21 03:17:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/20 15:05:57 | 100,594,855 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012/06/20 15:04:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/06/20 15:04:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/06/18 17:58:04 | 000,392,412 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012/06/17 21:18:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/17 21:18:16 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/17 21:18:16 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/15 05:40:47 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hud\Desktop\tdsskiller.exe [2012/06/04 14:22:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHud.job [2012/06/04 13:59:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenee.job [2012/06/01 02:07:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUD-HP$.job [1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/21 08:39:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ [2012/06/20 21:16:31 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@ [2012/06/20 21:16:09 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@ [2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@ [2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@ [2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@ [2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@ [2012/06/16 17:05:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ [2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ [2012/03/12 21:46:13 | 000,004,608 | ---- | C] () -- C:\Users\Hud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/22 13:35:21 | 000,013,902 | ---- | C] () -- C:\Windows\scunin.dat [2010/12/09 19:38:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/12/09 18:56:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2010/12/09 18:42:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL < End of report > OTL Extras logfile created on: 6/21/2012 9:42:07 AM - Run 1 OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Hud\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 74.13% Memory free 7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.29% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 918.16 Gb Total Space | 864.57 Gb Free Space | 94.16% Space Free | Partition Type: NTFS Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011 "{64E6D73F-707A-4817-8C2F-5BA9CB4B9CD8}" = AVG 2011 "{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "AVG" = AVG 2011 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery "{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding "{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish "{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29 "{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix "{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager "{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4 "{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software "{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio "{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English "{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation "{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech "{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian "{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German "{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish "{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore "{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader "{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare "{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese "{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager "{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish "{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update "{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish "{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian "{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light "{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows "ESET Online Scanner" = ESET Online Scanner v3 "eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406 "EXCEL" = Microsoft Office Excel 2007 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo "InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD "InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video "IrfanView" = IrfanView (remove only) "Kobo" = Kobo "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US) "MpcStar" = MpcStar 5.0 "My HP Game Console" = HP Game Console "PDF Complete" = PDF Complete Special Edition "Starcraft" = Starcraft "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WORD" = Microsoft Office Word 2007 "WT087328" = Blackhawk Striker 2 "WT087330" = Bounce Symphony "WT087335" = Build-a-lot 2 "WT087343" = Dora's World Adventure "WT087360" = Escape Rosecliff Island "WT087361" = FATE "WT087362" = Final Drive Nitro "WT087372" = Heroes of Hellas 2 - Olympia "WT087379" = Jewel Quest Solitaire 2 "WT087394" = Penguins! "WT087395" = Poker Superstars III "WT087396" = Polar Bowler "WT087397" = Polar Golfer "WT087414" = Virtual Families "WT087415" = Wheel of Fortune 2 "WT087428" = Bejeweled 2 Deluxe "WT087453" = Chuzzle Deluxe "WT087501" = Plants vs. Zombies "WT087533" = Zuma Deluxe "WT087536" = Diner Dash 2 Restaurant Rescue "WT089299" = Mystery P.I. - The London Caper "WT089307" = Virtual Villagers 4 - The Tree of Life "WT089308" = Blasterball 3 "WT089328" = Farm Frenzy "WT089359" = Cake Mania "WT089362" = Agatha Christie - Peril at End House "ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HuluDesktop" = Hulu Desktop ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 3/21/2012 3:20:29 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/6/2012 11:04:12 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 4:00:23 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 4:00:29 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 4:41:07 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 4:41:13 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 4:41:15 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/15/2012 5:08:31 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/21/2012 3:20:36 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193 Description = Error - 4/24/2012 1:51:18 AM | Computer Name = Hud-HP | Source = EventSystem | ID = 4621 Description = Error - 5/9/2012 4:38:02 PM | Computer Name = Hud-HP | Source = Application Error | ID = 1000 Description = Faulting application name: wlmail.exe, version: 15.4.3502.922, time stamp: 0x4c9b06aa Faulting module name: wlupdate.15.4.120.0.dll_unloaded, version: 0.0.0.0, time stamp: 0x4f59675f Exception code: 0xc0000005 Fault offset: 0x63cdcfa2 Faulting process id: 0x1200 Faulting application start time: 0x01cd2e233dc2af51 Faulting application path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe Faulting module path: wlupdate.15.4.120.0.dll Report Id: def040c2-9a16-11e1-b62b-6431501fe695 [ System Events ] Error - 6/11/2012 2:42:29 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/12/2012 12:25:28 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/12/2012 12:25:32 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/13/2012 11:45:41 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/13/2012 11:45:42 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 11:44:53 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 11:44:55 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 3:40:20 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/14/2012 6:11:01 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. Error - 6/15/2012 12:59:37 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR1. < End of report >
Dropper.BCMINER cannot be removed:

JHUD replied to JHUD's topic in Resolved Malware Removal Logs

Additionally, here is the MBAM log: Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.20.07 Windows 7 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Hud :: HUD-HP [administrator] 6/21/2012 8:32:26 AM mbam-log-2012-06-21 (08-32-26).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 227789 Time elapsed: 3 minute(s), 4 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end)
Dropper.BCMINER cannot be removed:

JHUD posted a topic in Resolved Malware Removal Logs

This BCMINER trojan is proving most difficult to remove. Any help would be greatly appreciated! Logs: DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Hud at 8:52:14 on 2012-06-21 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.3024 [GMT -8:00] . AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Users\Hud\Desktop\iexplore.exe C:\Users\Hud\Desktop\iexplore.exe C:\Users\Hud\Desktop\iexplore.exe C:\Users\Hud\Desktop\iexplore.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mWinlogon: Userinit=userinit.exe, BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB: {37153479-1976-43C3-A1EE-557513977B64} - No File uRunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files (x86)\Orbitdownloader\GrabPro.dll" mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75} : DhcpNameServer = 192.168.227.1 TCP: Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}\845746 : DhcpNameServer = 192.168.2.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File TB-X64: {37153479-1976-43C3-A1EE-557513977B64} - No File mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q= FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?] R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?] S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072] S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520] S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440] S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-9 1128952] S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 257224] S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] . =============== Created Last 30 ================ . 2012-06-21 11:03:49 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-21 11:03:49 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-21 11:03:48 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-21 11:03:27 80896 ----a-w- C:\Windows\System32\imagehlp.dll 2012-06-21 11:03:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-06-21 11:03:27 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-06-21 11:03:27 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-06-21 11:03:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-06-21 11:03:27 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-06-21 11:03:27 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-06-21 05:33:01 208896 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-21 05:27:47 3213824 ----a-w- C:\Windows\System32\msi.dll 2012-06-21 05:27:47 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-21 04:51:26 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-21 04:50:27 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-06-21 04:49:32 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL 2012-06-21 04:49:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-06-21 04:49:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-06-21 04:49:31 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll 2012-06-21 04:49:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll 2012-06-21 03:35:13 -------- d-----w- C:\Program Files (x86)\ESET 2012-06-20 23:06:43 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-06-19 16:45:45 -------- d-----w- C:\Windows\en 2012-06-19 16:43:16 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-06-19 16:40:02 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\DSETUP.dll 2012-06-19 16:40:02 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\DXSETUP.exe 2012-06-19 16:40:02 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\dsetup32.dll 2012-06-19 02:43:57 -------- d-----w- C:\Users\Hud\AppData\Roaming\Moyea 2012-06-19 02:43:15 -------- d-----w- C:\Program Files (x86)\Moyea . ==================== Find3M ==================== . 2012-06-20 23:04:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-20 23:04:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-04-04 23:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 8:53:22.78 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 2/27/2011 6:12:42 PM System Uptime: 6/21/2012 8:29:50 AM (0 hours ago) . Motherboard: FOXCONN | | 2AB1 Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 918 GiB total, 864.805 GiB free. D: is FIXED (NTFS) - 13 GiB total, 1.63 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Security Processor Loader Driver Device ID: ROOT\LEGACY_SPLDR\0000 Manufacturer: Name: Security Processor Loader Driver PNP Device ID: ROOT\LEGACY_SPLDR\0000 Service: spldr . ==== System Restore Points =================== . RP47: 4/15/2012 12:00:29 AM - Windows Backup RP48: 4/20/2012 11:20:35 PM - HPSF Restore Point RP49: 6/4/2012 2:10:20 PM - Windows Backup RP50: 6/17/2012 1:08:43 PM - Windows Backup RP51: 6/19/2012 8:40:14 AM - Windows Live Essentials RP52: 6/19/2012 8:41:40 AM - Installed DirectX RP53: 6/19/2012 8:41:58 AM - Installed DirectX RP54: 6/19/2012 8:42:36 AM - WLSetup RP55: 6/20/2012 10:00:46 PM - Restore Operation RP56: 6/21/2012 3:00:15 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Agatha Christie - Peril at End House Bejeweled 2 Deluxe Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Build-a-lot 2 Cake Mania Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Coupon Printer for Windows CyberLink DVD Suite Deluxe D3DX10 Diner Dash 2 Restaurant Rescue Dora's World Adventure DVD Menu Pack for HP MediaSmart Video Escape Rosecliff Island ESET Online Scanner v3 eSupport UndeletePlus 3.0.2.406 Farm Frenzy FATE Final Drive Nitro FlipShare Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.1.0 HP Customer Experience Enhancements HP Game Console HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart Video HP MediaSmart/TouchSmart Netflix HP MovieStore HP Odometer HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update Hulu Desktop IrfanView (remove only) Java Auto Updater Java 6 Update 29 Jewel Quest Solitaire 2 Junk Mail filter update Kobo LabelPrint LightScribe System Software Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office 2010 Microsoft Office Excel 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft WSE 3.0 Runtime Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 10.0.2 (x86 en-US) MpcStar 5.0 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - The London Caper Norton Online Backup PC Inspector File Recovery PDF Complete Special Edition Penguins! PhotoNow! PictureMover Plants vs. Zombies PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector PressReader Ralink RT2860 Wireless LAN Card Realtek High Definition Audio Driver Recovery Manager RoxioNow Player Starcraft Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Script Editor Help (KB963671) Virtual Families Virtual Villagers 4 - The Tree of Life Visual Studio 2008 x64 Redistributables Wheel of Fortune 2 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 11.1 Zinio Reader 4 Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 6/21/2012 8:30:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 6/21/2012 8:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 6/21/2012 8:30:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 6/21/2012 8:30:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 6/21/2012 8:30:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6 6/21/2012 8:30:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 6/21/2012 8:30:18 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 6/21/2012 8:30:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 6/21/2012 8:18:46 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 6/21/2012 8:18:46 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 6/21/2012 3:09:27 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/20/2012 6:20:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 6/20/2012 10:30:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 6/20/2012 10:23:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 10:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 6/20/2012 10:23:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 6/20/2012 10:22:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 6/20/2012 1:54:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Hud-HP\Hud SID (S-1-5-21-3537228672-3584438683-667650786-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 6/20/2012 1:46:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. . ==== End Of File ===========================

Sign In

JHUD

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by JHUD

Dropper.BCMINER cannot be removed:

Dropper.BCMINER cannot be removed:

Dropper.BCMINER cannot be removed:

Dropper.BCMINER cannot be removed:

Dropper.BCMINER cannot be removed:

Dropper.BCMINER cannot be removed:

Dropper.BCMINER cannot be removed:

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information