JHUD
-
Posts
7 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by JHUD
-
-
Done. AVG Shield is still popping up with dropper warning. Here are the logs again:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry value HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@ not found.
File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ not found.
File C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ not found.
========== FILES ==========
C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U folder moved successfully.
C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89} folder moved successfully.
C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U folder moved successfully.
C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L folder moved successfully.
C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Hud\Desktop\cmd.bat deleted successfully.
C:\Users\Hud\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Hud
->Temp folder emptied: 2444171 bytes
->Temporary Internet Files folder emptied: 227652975 bytes
->Java cache emptied: 11937648 bytes
->FireFox cache emptied: 63243462 bytes
->Flash cache emptied: 42126 bytes
User: Public
User: Renee
->Temp folder emptied: 302170741 bytes
->Temporary Internet Files folder emptied: 67651920 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 244736992 bytes
->Flash cache emptied: 100173 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50605 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 5293332 bytes
Total Files Cleaned = 883.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.51.0 log created on 06252012_143021
Files\Folders moved on Reboot...
C:\Users\Hud\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.20.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Hud :: HUD-HP [administrator]
6/25/2012 2:37:56 PM
mbam-log-2012-06-25 (14-37-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223861
Time elapsed: 2 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Maniac,
I was finally able to get back to this site. The redirects were preventing me from doing so until now. Here are the logs:
All processes killed
Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFO3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.[2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@[2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windo> in the current context!
Error: Unable to interpret <ws\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@[2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@:filesC:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}C:\Users\Hud\AppData\Local\{867c9da7> in the current context!
Error: Unable to interpret <-cc7e-73cf-70e4-e539ad2b5b89}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!
OTL by OldTimer - Version 3.2.51.0 log created on 06252012_120002
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.20.07
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Hud :: HUD-HP [administrator]
6/25/2012 1:19:33 PM
mbam-log-2012-06-25 (13-19-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228052
Time elapsed: 2 minute(s), 58 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Maniac,
Here are the corrected logs. Thanks again for your assistance!
TL logfile created on: 6/22/2012 9:09:49 AM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Hud\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 67.69% Memory free
7.50 Gb Paging File | 6.15 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.16 Gb Total Space | 866.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS
Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/22 09:08:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/20 15:04:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/09 19:36:19 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/12/09 19:36:19 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/02 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 05:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 05:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 19:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 13:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 11:10:56 | 000,000,000 | ---D | M]
[2011/02/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Extensions
[2012/06/21 08:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\extensions
[2011/02/28 18:21:11 | 000,001,834 | ---- | M] () -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\searchplugins\bing.xml
[2012/01/29 14:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/02 10:13:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2012/03/08 13:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/13 13:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/01/12 11:10:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 13:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/08 13:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/08 13:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75}: DhcpNameServer = 192.168.227.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell - "" = AutoRun
O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell - "" = AutoRun
O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/22 09:08:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe
[2012/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/20 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/19 08:45:45 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/19 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/18 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hud\Documents\Moyea
[2012/06/18 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hud\AppData\Roaming\Moyea
[2012/06/18 18:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/22 09:12:26 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 09:12:25 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/22 09:08:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe
[2012/06/22 09:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/22 09:04:24 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 23:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 10:17:24 | 100,611,477 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/18 17:58:04 | 000,392,412 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/17 21:18:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 21:18:16 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 21:18:16 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/04 14:22:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHud.job
[2012/06/04 13:59:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenee.job
[2012/06/01 02:07:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUD-HP$.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@
[2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@
[2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@
[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@
[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@
[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@
[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@
[2012/06/16 17:05:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@
[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@
[2012/03/12 21:46:13 | 000,004,608 | ---- | C] () -- C:\Users\Hud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 13:35:21 | 000,013,902 | ---- | C] () -- C:\Windows\scunin.dat
[2012/01/12 11:12:25 | 000,000,042 | ---- | C] () -- C:\Users\Hud\jagex_cl_runescape_LIVE.dat
[2012/01/12 11:12:25 | 000,000,024 | ---- | C] () -- C:\Users\Hud\random.dat
[2010/12/09 19:38:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/09 18:56:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/12/09 18:42:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
========== LOP Check ==========
[2012/01/22 14:51:17 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Ascaron Entertainment
[2011/03/02 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\AVG10
[2011/02/27 17:20:30 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Blio
[2011/03/06 11:41:55 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\CometPlayer
[2011/02/27 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\GrabPro
[2012/06/20 23:12:29 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\IrfanView
[2012/06/18 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Moyea
[2012/06/21 08:21:19 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Orbit
[2011/02/27 17:11:21 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\PictureMover
[2011/02/27 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\ProgSense
[2011/02/27 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\tigerplayer
[2011/12/05 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\WinBatch
[2011/03/26 07:13:31 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\AVG10
[2012/03/14 12:16:38 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Flip Video
[2012/06/20 23:12:28 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\IrfanView
[2012/01/12 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Orbit
[2011/02/27 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\PictureMover
[2011/02/28 11:33:11 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\ProgSense
[2011/02/27 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\TigerPlayer
[2011/02/28 11:34:57 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\WildTangent
[2011/07/26 07:35:32 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Windows Live Writer
[2012/06/15 07:51:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 6/22/2012 9:09:49 AM - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Hud\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 67.69% Memory free
7.50 Gb Paging File | 6.15 Gb Available in Paging File | 81.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.16 Gb Total Space | 866.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS
Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{64E6D73F-707A-4817-8C2F-5BA9CB4B9CD8}" = AVG 2011
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2011
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406
"EXCEL" = Microsoft Office Excel 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MpcStar" = MpcStar 5.0
"My HP Game Console" = HP Game Console
"PDF Complete" = PDF Complete Special Edition
"Starcraft" = Starcraft
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 4/15/2012 4:41:15 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 5:08:31 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/21/2012 3:20:36 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/24/2012 1:51:18 AM | Computer Name = Hud-HP | Source = EventSystem | ID = 4621
Description =
Error - 5/9/2012 4:38:02 PM | Computer Name = Hud-HP | Source = Application Error | ID = 1000
Description = Faulting application name: wlmail.exe, version: 15.4.3502.922, time
stamp: 0x4c9b06aa Faulting module name: wlupdate.15.4.120.0.dll_unloaded, version:
0.0.0.0, time stamp: 0x4f59675f Exception code: 0xc0000005 Fault offset: 0x63cdcfa2
Faulting
process id: 0x1200 Faulting application start time: 0x01cd2e233dc2af51 Faulting application
path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe Faulting module path:
wlupdate.15.4.120.0.dll Report Id: def040c2-9a16-11e1-b62b-6431501fe695
Error - 6/4/2012 6:10:13 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 6/4/2012 6:10:20 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 6/4/2012 6:32:22 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 6/4/2012 6:32:27 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 6/4/2012 6:32:29 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 6/4/2012 6:54:48 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
[ System Events ]
Error - 6/11/2012 2:42:29 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/12/2012 12:25:28 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/12/2012 12:25:32 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/13/2012 11:45:41 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/13/2012 11:45:42 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 11:44:53 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 11:44:55 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 3:40:20 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 6:11:01 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/15/2012 12:59:37 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
< End of report >
-
Thanks for the response! I will post the logs:
OTL logfile created on: 6/21/2012 9:42:07 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Hud\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 74.13% Memory free
7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.16 Gb Total Space | 864.57 Gb Free Space | 94.16% Space Free | Partition Type: NTFS
Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/21 09:36:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe
PRC - [2012/01/08 13:05:33 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Users\Hud\Desktop\iexplore.exe
PRC - [2009/07/13 17:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
========== Modules (No Company Name) ==========
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/06/20 15:04:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/09 19:36:19 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/12/09 19:36:19 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/02 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 05:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 05:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 19:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:13:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 13:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 11:10:56 | 000,000,000 | ---D | M]
[2011/02/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Extensions
[2012/06/21 08:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\extensions
[2011/02/28 18:21:11 | 000,001,834 | ---- | M] () -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\searchplugins\bing.xml
[2012/01/29 14:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/02 10:13:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
[2012/03/08 13:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/13 13:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/01/12 11:10:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 13:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/08 13:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/08 13:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [DeleteGrabPro] C:\Windows\SysWow64\advpack.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75}: DhcpNameServer = 192.168.227.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell - "" = AutoRun
O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell\AutoRun\command - "" = K:\setup.exe -a
O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell - "" = AutoRun
O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/21 09:36:39 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe
[2012/06/21 09:28:32 | 004,563,474 | ---- | C] (Swearware) -- C:\Users\Hud\Desktop\ComboFix.exe
[2012/06/21 08:39:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hud\Desktop\dds.scr
[2012/06/21 03:03:49 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/21 03:03:49 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/21 03:03:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/21 03:03:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/06/21 03:03:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/06/21 03:03:27 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/06/20 21:27:47 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/20 19:19:00 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hud\Desktop\tdsskiller.exe
[2012/06/20 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/19 08:45:45 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/19 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/06/18 19:44:39 | 000,748,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Hud\Desktop\iexplore.exe
[2012/06/18 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hud\Documents\Moyea
[2012/06/18 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hud\AppData\Roaming\Moyea
[2012/06/18 18:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/06/21 09:36:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe
[2012/06/21 09:30:42 | 004,563,474 | ---- | M] (Swearware) -- C:\Users\Hud\Desktop\ComboFix.exe
[2012/06/21 08:40:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hud\Desktop\dds.scr
[2012/06/21 08:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/21 08:30:05 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/21 08:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/21 03:17:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/21 03:17:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/20 15:05:57 | 100,594,855 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/20 15:04:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/20 15:04:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/18 17:58:04 | 000,392,412 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/17 21:18:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/17 21:18:16 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/17 21:18:16 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 05:40:47 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hud\Desktop\tdsskiller.exe
[2012/06/04 14:22:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHud.job
[2012/06/04 13:59:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenee.job
[2012/06/01 02:07:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUD-HP$.job
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/06/21 08:39:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@
[2012/06/20 21:16:31 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@
[2012/06/20 21:16:09 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@
[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@
[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@
[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@
[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@
[2012/06/16 17:05:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@
[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@
[2012/03/12 21:46:13 | 000,004,608 | ---- | C] () -- C:\Users\Hud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/22 13:35:21 | 000,013,902 | ---- | C] () -- C:\Windows\scunin.dat
[2010/12/09 19:38:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/09 18:56:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/12/09 18:42:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
< End of report >
OTL Extras logfile created on: 6/21/2012 9:42:07 AM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Hud\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.75 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 74.13% Memory free
7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.16 Gb Total Space | 864.57 Gb Free Space | 94.16% Space Free | Partition Type: NTFS
Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011
"{64E6D73F-707A-4817-8C2F-5BA9CB4B9CD8}" = AVG 2011
"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2011
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding
"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29
"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista
"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English
"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation
"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian
"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German
"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare
"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese
"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish
"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian
"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"ESET Online Scanner" = ESET Online Scanner v3
"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406
"EXCEL" = Microsoft Office Excel 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"IrfanView" = IrfanView (remove only)
"Kobo" = Kobo
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MpcStar" = MpcStar 5.0
"My HP Game Console" = HP Game Console
"PDF Complete" = PDF Complete Special Edition
"Starcraft" = Starcraft
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HuluDesktop" = Hulu Desktop
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/21/2012 3:20:29 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/6/2012 11:04:12 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 4:00:23 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 4:00:29 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 4:41:07 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 4:41:13 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 4:41:15 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/15/2012 5:08:31 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/21/2012 3:20:36 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193
Description =
Error - 4/24/2012 1:51:18 AM | Computer Name = Hud-HP | Source = EventSystem | ID = 4621
Description =
Error - 5/9/2012 4:38:02 PM | Computer Name = Hud-HP | Source = Application Error | ID = 1000
Description = Faulting application name: wlmail.exe, version: 15.4.3502.922, time
stamp: 0x4c9b06aa Faulting module name: wlupdate.15.4.120.0.dll_unloaded, version:
0.0.0.0, time stamp: 0x4f59675f Exception code: 0xc0000005 Fault offset: 0x63cdcfa2
Faulting
process id: 0x1200 Faulting application start time: 0x01cd2e233dc2af51 Faulting application
path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe Faulting module path:
wlupdate.15.4.120.0.dll Report Id: def040c2-9a16-11e1-b62b-6431501fe695
[ System Events ]
Error - 6/11/2012 2:42:29 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/12/2012 12:25:28 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/12/2012 12:25:32 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/13/2012 11:45:41 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/13/2012 11:45:42 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 11:44:53 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 11:44:55 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 3:40:20 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/14/2012 6:11:01 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
Error - 6/15/2012 12:59:37 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.
< End of report >
-
Additionally, here is the MBAM log:
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.06.20.07
Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Hud :: HUD-HP [administrator]
6/21/2012 8:32:26 AM
mbam-log-2012-06-21 (08-32-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227789
Time elapsed: 3 minute(s), 4 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
-
This BCMINER trojan is proving most difficult to remove. Any help would be greatly appreciated!
Logs:
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Hud at 8:52:14 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.3024 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Hud\Desktop\iexplore.exe
C:\Users\Hud\Desktop\iexplore.exe
C:\Users\Hud\Desktop\iexplore.exe
C:\Users\Hud\Desktop\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {37153479-1976-43C3-A1EE-557513977B64} - No File
uRunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files (x86)\Orbitdownloader\GrabPro.dll"
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75} : DhcpNameServer = 192.168.227.1
TCP: Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}\845746 : DhcpNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB-X64: {37153479-1976-43C3-A1EE-557513977B64} - No File
mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-9 1128952]
S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 257224]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
.
=============== Created Last 30 ================
.
2012-06-21 11:03:49 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-21 11:03:49 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-21 11:03:48 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-21 11:03:27 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-21 11:03:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-21 11:03:27 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-21 11:03:27 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-21 11:03:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-21 11:03:27 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-21 11:03:27 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-21 05:33:01 208896 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-21 05:27:47 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-06-21 05:27:47 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-21 04:51:26 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-21 04:50:27 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-21 04:49:32 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-06-21 04:49:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-21 04:49:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-21 04:49:31 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-06-21 04:49:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-06-21 03:35:13 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-20 23:06:43 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-06-19 16:45:45 -------- d-----w- C:\Windows\en
2012-06-19 16:43:16 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-19 16:40:02 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\DSETUP.dll
2012-06-19 16:40:02 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\DXSETUP.exe
2012-06-19 16:40:02 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\dsetup32.dll
2012-06-19 02:43:57 -------- d-----w- C:\Users\Hud\AppData\Roaming\Moyea
2012-06-19 02:43:15 -------- d-----w- C:\Program Files (x86)\Moyea
.
==================== Find3M ====================
.
2012-06-20 23:04:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-20 23:04:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-04 23:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 8:53:22.78 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2011 6:12:42 PM
System Uptime: 6/21/2012 8:29:50 AM (0 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 864.805 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.63 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP47: 4/15/2012 12:00:29 AM - Windows Backup
RP48: 4/20/2012 11:20:35 PM - HPSF Restore Point
RP49: 6/4/2012 2:10:20 PM - Windows Backup
RP50: 6/17/2012 1:08:43 PM - Windows Backup
RP51: 6/19/2012 8:40:14 AM - Windows Live Essentials
RP52: 6/19/2012 8:41:40 AM - Installed DirectX
RP53: 6/19/2012 8:41:58 AM - Installed DirectX
RP54: 6/19/2012 8:42:36 AM - WLSetup
RP55: 6/20/2012 10:00:46 PM - Restore Operation
RP56: 6/21/2012 3:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 ActiveX
Agatha Christie - Peril at End House
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blasterball 3
Blio
Bounce Symphony
Build-a-lot 2
Cake Mania
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's World Adventure
DVD Menu Pack for HP MediaSmart Video
Escape Rosecliff Island
ESET Online Scanner v3
eSupport UndeletePlus 3.0.2.406
Farm Frenzy
FATE
Final Drive Nitro
FlipShare
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP MovieStore
HP Odometer
HP Setup
HP Setup Manager
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
IrfanView (remove only)
Java Auto Updater
Java 6 Update 29
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2010
Microsoft Office Excel 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 10.0.2 (x86 en-US)
MpcStar 5.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - The London Caper
Norton Online Backup
PC Inspector File Recovery
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
PlayReady PC Runtime x86
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Recovery Manager
RoxioNow Player
Starcraft
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Script Editor Help (KB963671)
Virtual Families
Virtual Villagers 4 - The Tree of Life
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 11.1
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
6/21/2012 8:30:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/21/2012 8:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/21/2012 8:30:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/21/2012 8:30:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/21/2012 8:30:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6
6/21/2012 8:30:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/21/2012 8:30:18 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/21/2012 8:30:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/21/2012 8:18:46 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/21/2012 8:18:46 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/21/2012 3:09:27 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/20/2012 6:20:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
6/20/2012 10:30:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/20/2012 10:23:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 10:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/20/2012 10:23:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/20/2012 10:22:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
6/20/2012 1:54:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Hud-HP\Hud SID (S-1-5-21-3537228672-3584438683-667650786-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/20/2012 1:46:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
Dropper.BCMINER cannot be removed:
in Resolved Malware Removal Logs
Posted
My apologies. Step two re-accomplished:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.25.10
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Hud :: HUD-HP [administrator]
6/25/2012 4:59:27 PM
mbam-log-2012-06-25 (16-59-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224793
Time elapsed: 1 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)