Eastmarch

Running normally, now performing a full scan with all tools. will post logs in there are any anomolies.

Status: Deleted (events: 1) 7/5/2012 7:57:08 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\07032012_172321\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ High

ran EOS again, this time came out clean after deleting the 5 "threats" last time

Yes, it found 2 things listed as multiple threats, 2 "trojans" and one i dont remember.

A logfile was not placed at the directed spot, nor could i find anything related to eset in my files.

PM submitted

Ok, heres the log ComboFix 12-07-04.01 - Hunter Roberts 07/04/2012 9:29.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4871 [GMT -4:00] Running from: c:\users\Hunter Roberts\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\users\Hunter Roberts\AppData\Local\TempDIR c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\eb.drv c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\eb.sys c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\energy.drv c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\energy.sys c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\exec.exe c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\exec.sys c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\exec.tmp c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\fan.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\FW.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\gid.exe c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\pal.sys c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\PE.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\PE.exe c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\sld.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\sld.drv c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll c:\users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv c:\users\Hunter Roberts\videos\JavaSetup6u14.exe c:\windows\assembly\GAC_32\Desktop.ini c:\windows\assembly\GAC_64\Desktop.ini . Infected copy of c:\windows\system32\Services.exe was found and disinfected Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 ))))))))))))))))))))))))))))))) . . 2012-07-04 13:35 . 2012-07-04 13:35 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-03 21:23 . 2012-07-03 21:23 -------- d-----w- C:\_OTL 2012-07-02 23:32 . 2012-07-02 23:32 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-02 23:25 . 2012-07-02 23:25 -------- d-----w- c:\users\Hunter Roberts\AppData\Local\Macromedia 2012-07-02 01:59 . 2012-07-02 02:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-06-30 18:30 . 2012-06-30 18:30 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D445D410-4B67-433E-8792-1F99E582B0E8}\offreg.dll 2012-06-29 18:52 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D445D410-4B67-433E-8792-1F99E582B0E8}\mpengine.dll 2012-06-23 16:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-23 16:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-23 16:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-23 16:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-23 16:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-23 16:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-23 16:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-23 16:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-23 16:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-19 22:22 . 2012-06-19 22:22 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-19 22:22 . 2012-06-19 22:22 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-17 15:10 . 2012-06-17 15:10 -------- d-----w- c:\users\Hunter Roberts\AppData\Roaming\LolClient 2012-06-14 14:47 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-14 14:47 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-14 14:47 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-14 14:47 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-14 14:47 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-14 14:47 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-14 14:47 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-14 14:47 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-14 14:47 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-14 14:47 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-14 14:47 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-14 14:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-14 14:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-14 14:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-14 14:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-14 14:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-14 14:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-12 23:47 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys 2012-06-12 23:30 . 2012-06-12 23:30 -------- d--h--w- c:\programdata\Common Files 2012-06-12 23:30 . 2012-06-12 23:31 -------- d-----w- c:\users\Hunter Roberts\AppData\Roaming\DAEMON Tools Pro 2012-06-12 23:30 . 2012-06-12 23:30 -------- d-----w- c:\users\Hunter Roberts\AppData\Roaming\OpenCandy 2012-06-12 23:29 . 2012-06-12 23:30 -------- d-----w- c:\programdata\DAEMON Tools Pro 2012-06-10 22:53 . 2008-07-31 14:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll 2012-06-10 22:53 . 2008-07-31 14:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll 2012-06-10 22:53 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll 2012-06-10 22:53 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll 2012-06-10 22:53 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2012-06-10 22:49 . 2012-06-10 22:49 -------- d-----w- C:\Riot Games 2012-06-10 20:29 . 2012-07-03 17:11 -------- d-----w- c:\users\Hunter Roberts\AppData\Local\PMB Files 2012-06-10 20:29 . 2012-07-03 17:11 -------- d-----w- c:\programdata\PMB Files 2012-06-10 20:28 . 2012-06-10 20:28 -------- d-----w- c:\program files (x86)\Pando Networks . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-02 02:07 . 2011-09-11 18:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-25 05:21 . 2012-05-25 05:21 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160] "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-13 9216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 250056] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-13 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768] S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2011-06-14 986112] S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480] S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272] S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968] S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2010-11-04 58128] S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2010-10-19 274432] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2010-11-04 59904] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-02 02:07] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224] "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = mStart Page = mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 97.64.209.36 97.64.168.13 TCP: Interfaces\{579B40EC-3F36-48FF-8E14-8450585A4A6F}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222 FF - ProfilePath - c:\users\Hunter Roberts\AppData\Roaming\Mozilla\Firefox\Profiles\0zjozxw4.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Yahoo Search FF - prefs.js: browser.startup.homepage - www.yahoo.com|www.youtube.com|www.yahoo.com|www.yahoo.com FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) AddRemove-YInstHelper - c:\windows\system32\regsvr32 . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FirefoxHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-07-04 10:05:12 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-04 14:05 . Pre-Run: 519,011,053,568 bytes free Post-Run: 518,657,675,264 bytes free . - - End Of File - - A8B913C23FC577B0B2F8E8C5E93B5690

I did update, i don't understand why it would be so old. Nevertheless I updated again and here are the results for the full scan. Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.04.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hunter Roberts :: DEACAN [administrator] Protection: Enabled 7/3/2012 10:31:24 PM mbam-log-2012-07-03 (22-31-24).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 327737 Time elapsed: 32 minute(s), 8 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\_OTL\MovedFiles\07032012_172321\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end)

All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found. Registry value HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found. Registry key HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found. Registry key HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found. Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" removed from keyword.URL C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully. C:\Users\Hunter Roberts\AppData\Roaming\Mozilla\Firefox\Profiles\0zjozxw4.default\searchplugins\conduit.xml moved successfully. C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found. Registry value HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ moved successfully. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully. ========== FILES ========== C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully. C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully. Folder move failed. C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} scheduled to be moved on reboot. C:\Users\Hunter Roberts\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully. C:\Users\Hunter Roberts\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully. C:\Users\Hunter Roberts\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Users\Hunter Roberts\Desktop\cmd.bat deleted successfully. C:\Users\Hunter Roberts\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Hunter User: Hunter Roberts ->Temp folder emptied: 8036927211 bytes ->Temporary Internet Files folder emptied: 289836134 bytes ->Java cache emptied: 932476 bytes ->FireFox cache emptied: 254235734 bytes ->Flash cache emptied: 8258603 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1651756157 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84525 bytes RecycleBin emptied: 4059896364 bytes Total Files Cleaned = 13,639.00 mb Restore point Set: OTL Restore Point HOSTS file reset successfully OTL by OldTimer - Version 3.2.53.1 log created on 07032012_172321 Files\Folders moved on Reboot... C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully. C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully. C:\Users\Hunter Roberts\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\windows\temp\Temporary Internet Files\Content.IE5\Q4E59FGS\110576[1].htm moved successfully. File\Folder C:\windows\temp\Temporary Internet Files\Content.IE5\BGU4O2B2\ddc[1].htm not found! C:\windows\temp\Temporary Internet Files\Content.IE5\2KWTCELM\sh090[2].htm moved successfully. File\Folder C:\windows\temp\flaCCFA.tmp not found! File\Folder C:\windows\temp\flaE3C6.tmp not found! PendingFileRenameOperations files... File C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} not found! File C:\Users\Hunter Roberts\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File C:\windows\temp\Temporary Internet Files\Content.IE5\Q4E59FGS\110576[1].htm not found! File C:\windows\temp\Temporary Internet Files\Content.IE5\BGU4O2B2\ddc[1].htm not found! File C:\windows\temp\Temporary Internet Files\Content.IE5\2KWTCELM\sh090[2].htm not found! File C:\windows\temp\flaCCFA.tmp not found! File C:\windows\temp\flaE3C6.tmp not found! Registry entries deleted on Reboot... Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.03.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hunter Roberts :: HUNTER [administrator] Protection: Enabled 3/3/2012 12:32:00 PM mbam-log-2012-03-03 (12-32-00).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 307248 Time elapsed: 46 minute(s), 57 second(s) Memory Processes Detected: 1 C:\ProgramData\f7a6b9\SMf7a_8039.exe (Rogue.StrongMalwareDefender) -> 3116 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Strong Malware Defender (Rogue.StrongMalwareDefender) -> Data: "C:\ProgramData\f7a6b9\SMf7a_8039.exe" /s /d -> Quarantined and deleted successfully. Registry Data Items Detected: 1 HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8039&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and repaired successfully. Folders Detected: 1 C:\Users\Hunter Roberts\AppData\Roaming\Strong Malware Defender (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. Files Detected: 12 C:\ProgramData\f7a6b9\SMf7a_8039.exe (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Local\promo.exe (Adware.Soge) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Local\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\Downloads\wrar401.exe (PUP.BundleInstaller.OI) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\Desktop\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Start Menu\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Roaming\Strong Malware Defender\cookies.sqlite (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\AppData\Roaming\Strong Malware Defender\Instructions.ini (Rogue.StrongMalwareDefender) -> Quarantined and deleted successfully. C:\Users\Hunter Roberts\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Quarantined and deleted successfully. (end)

OTL logfile created on: 7/3/2012 1:30:45 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Hunter Roberts\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.91 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 70.46% Memory free 11.82 Gb Paging File | 9.95 Gb Available in Paging File | 84.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.42 Gb Total Space | 472.23 Gb Free Space | 81.22% Space Free | Partition Type: NTFS Drive D: | 4.38 Gb Total Space | 0.30 Gb Free Space | 6.88% Space Free | Partition Type: UDF Computer Name: DEACAN | User Name: Hunter Roberts | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/07/03 13:08:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hunter Roberts\Desktop\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/04/13 11:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe PRC - [2010/11/17 13:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe PRC - [2010/11/03 13:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2010/11/03 12:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2010/11/03 12:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe PRC - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2012/06/15 12:29:59 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012/06/15 12:21:13 | 011,833,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012/06/15 12:20:52 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012/06/15 12:20:47 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012/05/13 03:34:52 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012/05/13 03:33:00 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012/05/13 03:32:26 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012/05/13 03:32:22 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012/05/13 03:32:20 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012/05/13 03:32:19 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012/05/13 03:32:12 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/06/14 11:31:06 | 000,498,688 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) SRV:64bit: - [2011/06/14 11:26:20 | 000,986,112 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel® SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel® SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel® SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/07/01 22:07:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/06/19 18:22:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/09/05 10:04:54 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12) SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM) SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/11/03 13:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2010/11/03 12:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2010/10/05 22:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/10/05 22:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/05/19 14:25:10 | 000,182,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino® DRV:64bit: - [2011/05/19 14:25:04 | 000,083,968 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino® DRV:64bit: - [2011/05/19 14:25:00 | 000,084,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) Intel® Centrino® DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/03/24 07:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible) DRV:64bit: - [2011/03/24 07:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2010/12/21 10:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2010/12/10 17:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/12/10 17:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/11/04 06:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:64bit: - [2010/11/04 04:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex) DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel® DRV:64bit: - [2010/10/19 19:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel® DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus) DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{EB438702-BA8F-442B-986D-2DDCF6DF95E6} IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes] IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={5EA50E2D-63C7-4DA2-8D81-9FDF4C0D02F5}&mid=fc19a108eafd47d0b8f07d3bcfd33f3e-5e9efa98b8d4792e4b40200f490b67456603da6d〈=en&ds=od011&pr=sa&d=2012-06-12 19:34:55&v=11.1.0.7&sap=hp IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\SearchScopes\{39664ABE-AFEF-4C4B-8FED-C5D7439EDA9D}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5EA50E2D-63C7-4DA2-8D81-9FDF4C0D02F5}&mid=fc19a108eafd47d0b8f07d3bcfd33f3e-5e9efa98b8d4792e4b40200f490b67456603da6d〈=en&ds=od011&pr=sa&d=2012-06-12 19:34:55&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms} IE - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc" FF - prefs.js..browser.search.selectedEngine: "Yahoo Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.yahoo.com|www.youtube.com|www.yahoo.com|www.yahoo.com" FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hunter Roberts\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 18:22:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/19 18:22:40 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/11 14:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Extensions [2012/06/28 16:56:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions [2012/05/19 21:55:58 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/05/31 12:21:43 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2012/03/29 18:26:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Hunter Roberts\AppData\Roaming\mozilla\Firefox\Profiles\0zjozxw4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/04/18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Users\Hunter Roberts\AppData\Roaming\Mozilla\Firefox\Profiles\0zjozxw4.default\searchplugins\conduit.xml [2011/09/12 18:57:15 | 000,000,942 | ---- | M] () -- C:\Users\Hunter Roberts\AppData\Roaming\Mozilla\Firefox\Profiles\0zjozxw4.default\searchplugins\yahoo.xml [2011/09/11 14:50:46 | 000,002,057 | ---- | M] () -- C:\Users\Hunter Roberts\AppData\Roaming\Mozilla\Firefox\Profiles\0zjozxw4.default\searchplugins\youtube-video-search.xml [2011/09/13 18:12:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/03/04 00:40:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012/06/13 11:08:38 | 000,003,793 | ---- | M] () (No name found) -- C:\USERS\HUNTER ROBERTS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZJOZXW4.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI [2012/06/28 16:56:19 | 000,743,305 | ---- | M] () (No name found) -- C:\USERS\HUNTER ROBERTS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0ZJOZXW4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/06/19 18:22:40 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2012/06/12 19:34:53 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/06/19 18:22:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/19 18:22:38 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== Hosts file not found O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found. O3 - HKU\S-1-5-21-2378854357-3300508831-1638955360-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation) O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe () O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.209.36 97.64.168.13 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{579B40EC-3F36-48FF-8E14-8450585A4A6F}: DhcpNameServer = 8.8.8.8 8.8.4.4 208.67.220.220 208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EC164DB-740A-4160-AE60-BF5B53B7FBE1}: DhcpNameServer = 97.64.209.36 97.64.168.13 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{3fbb1888-1314-11e1-9bd7-ac728937d6cd}\Shell - "" = AutoRun O33 - MountPoints2\{3fbb1888-1314-11e1-9bd7-ac728937d6cd}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{f72694c6-31ca-11e1-b4f1-ac728937d6cd}\Shell - "" = AutoRun O33 - MountPoints2\{f72694c6-31ca-11e1-b4f1-ac728937d6cd}\Shell\AutoRun\command - "" = G:\setup.exe -a O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/07/03 13:08:38 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hunter Roberts\Desktop\OTL.exe [2012/07/02 19:32:49 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA% [2012/07/02 19:25:44 | 000,000,000 | ---D | C] -- C:\Users\Hunter Roberts\AppData\Local\Macromedia [2012/06/17 11:10:24 | 000,000,000 | ---D | C] -- C:\Users\Hunter Roberts\AppData\Roaming\LolClient [2012/06/12 19:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc [2012/06/12 19:47:06 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\windows\SysNative\drivers\mcdbus.sys [2012/06/12 19:30:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/06/12 19:30:29 | 000,000,000 | ---D | C] -- C:\Users\Hunter Roberts\AppData\Roaming\DAEMON Tools Pro [2012/06/12 19:30:26 | 000,000,000 | ---D | C] -- C:\Users\Hunter Roberts\AppData\Roaming\OpenCandy [2012/06/12 19:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro [2012/06/10 19:07:03 | 000,000,000 | ---D | C] -- C:\Users\Hunter Roberts\AppData\Roaming\LolClient2 [2012/06/10 18:49:39 | 000,000,000 | ---D | C] -- C:\Riot Games [2012/06/10 18:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games [2012/06/10 16:29:15 | 000,000,000 | ---D | C] -- C:\Users\Hunter Roberts\AppData\Local\PMB Files [2012/06/10 16:29:14 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2012/06/10 16:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/07/03 13:08:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hunter Roberts\Desktop\OTL.exe [2012/07/03 13:05:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/07/03 12:25:50 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/07/03 12:25:50 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/07/03 12:22:00 | 000,780,220 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/07/03 12:22:00 | 000,660,982 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/07/03 12:22:00 | 000,121,620 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/07/03 12:15:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/07/03 12:15:36 | 463,867,903 | -HS- | M] () -- C:\hiberfil.sys [2012/07/03 00:15:02 | 000,001,722 | ---- | M] () -- C:\Users\Hunter Roberts\Desktop\League of Legends.lnk [2012/07/03 00:14:59 | 000,001,099 | ---- | M] () -- C:\Users\Hunter Roberts\Desktop\StarCraft II.lnk [2012/06/28 15:12:01 | 030,110,324 | ---- | M] () -- C:\Users\Hunter Roberts\Documents\clip0008.avi [2012/06/24 18:28:17 | 000,000,636 | ---- | M] () -- C:\Users\Hunter Roberts\Desktop\Quake III.lnk [2012/06/15 12:16:48 | 000,460,056 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/07/03 13:20:12 | 000,232,960 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ [2012/07/03 00:15:02 | 000,001,722 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\League of Legends.lnk [2012/07/03 00:14:59 | 000,001,099 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\StarCraft II.lnk [2012/07/03 00:13:30 | 000,001,090 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\VLC media player.lnk [2012/07/03 00:13:23 | 000,002,951 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\Excel 2010.lnk [2012/07/03 00:13:18 | 000,002,937 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\PowerPoint 2010.lnk [2012/07/03 00:13:04 | 000,003,041 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\Publisher 2010.lnk [2012/07/03 00:12:55 | 000,003,021 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\Word 2010.lnk [2012/07/03 00:12:47 | 000,000,937 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\HyperCam 2.lnk [2012/07/01 21:59:31 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/07/01 21:57:36 | 000,088,576 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ [2012/07/01 21:57:33 | 000,016,896 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ [2012/07/01 21:57:31 | 000,080,896 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ [2012/07/01 21:57:31 | 000,000,804 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ [2012/07/01 21:57:27 | 000,002,048 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ [2012/07/01 21:57:27 | 000,001,632 | ---- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ [2012/06/28 15:11:55 | 030,110,324 | ---- | C] () -- C:\Users\Hunter Roberts\Documents\clip0008.avi [2012/06/24 18:28:17 | 000,000,636 | ---- | C] () -- C:\Users\Hunter Roberts\Desktop\Quake III.lnk [2012/05/14 20:07:17 | 000,000,000 | ---- | C] () -- C:\Users\Hunter Roberts\AppData\Local\rx_image32.Cache [2012/05/10 21:44:50 | 000,136,540 | ---- | C] () -- C:\windows\hphins33.dat [2012/05/10 21:44:50 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat [2012/01/11 17:59:16 | 000,002,048 | -HS- | C] () -- C:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ [2012/01/11 17:59:16 | 000,002,048 | -HS- | C] () -- C:\Users\Hunter Roberts\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ [2011/10/20 18:09:04 | 000,013,312 | ---- | C] () -- C:\Users\Hunter Roberts\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/09/12 19:15:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/08/17 21:26:39 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011/08/17 21:26:38 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2011/08/17 21:26:38 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011/08/17 21:26:38 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2011/08/17 21:26:38 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2011/08/17 21:26:00 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2011/08/17 21:25:56 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2011/08/17 21:25:56 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini [2011/08/17 21:25:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2011/08/17 21:25:55 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini [2011/08/17 21:25:55 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2011/08/17 21:25:55 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2011/08/17 21:25:55 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2011/08/17 19:07:41 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll [2011/08/17 19:03:12 | 000,774,436 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/08/17 19:00:32 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll ========== LOP Check ========== [2012/03/24 00:55:00 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\.minecraft [2012/06/12 19:31:23 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\DAEMON Tools Pro [2011/09/11 12:05:53 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\Fingertapps [2011/12/12 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\IDT [2011/11/06 18:25:17 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\iWin [2011/09/11 12:05:35 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\Leadertech [2012/06/17 11:10:24 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\LolClient [2012/06/10 19:07:03 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\LolClient2 [2011/12/18 21:57:14 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\ooVoo Details [2012/06/12 19:30:28 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\OpenCandy [2011/09/18 12:02:12 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\PCDr [2011/12/08 20:53:01 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\SoftGrid Client [2011/09/20 19:43:32 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\TP [2012/07/02 19:22:27 | 000,000,000 | ---D | M] -- C:\Users\Hunter Roberts\AppData\Roaming\uTorrent [2012/07/03 00:10:43 | 000,032,586 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Extras logfile created on: 7/3/2012 1:30:45 PM - Run 1 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Hunter Roberts\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.91 Gb Total Physical Memory | 4.16 Gb Available Physical Memory | 70.46% Memory free 11.82 Gb Paging File | 9.95 Gb Available in Paging File | 84.22% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 581.42 Gb Total Space | 472.23 Gb Free Space | 81.22% Space Free | Partition Type: NTFS Drive D: | 4.38 Gb Total Space | 0.30 Gb Free Space | 6.88% Space Free | Partition Type: UDF Computer Name: DEACAN | User Name: Hunter Roberts | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java 6 Update 24 (64-bit) "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software "{5C1DA3D9-F590-4317-A4FB-274F658E504B}" = Intel® PROSet/Wireless WiMAX Software "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6 "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "HyperCam 2" = HyperCam 2 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{25680C01-6753-4FE9-A891-7857F26457C1}" = Intel® WiDi "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 27 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2A0F2CC5-3065-492C-8380-B03AA7106B1A}" = Dell Product Registration "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175 "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Dell Webcam Central" = Dell Webcam Central "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "StarCraft II" = StarCraft II "Tradewinds Classic1.0" = Tradewinds Classic "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.11 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.01 (32-bit) "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2378854357-3300508831-1638955360-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/18/2012 9:10:21 PM | Computer Name = Deacan | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 5/19/2012 4:24:04 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/20/2012 12:58:01 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/21/2012 5:21:03 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/22/2012 4:21:09 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/22/2012 7:36:38 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/23/2012 12:32:37 PM | Computer Name = Deacan | Source = WinMgmt | ID = 10 Description = Error - 5/23/2012 12:32:53 PM | Computer Name = Deacan | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 5/23/2012 1:22:17 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 5/23/2012 2:59:42 PM | Computer Name = Deacan | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 6/29/2012 5:04:04 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:04:04 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:04:44 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:04:44 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:05:16 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:05:59 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:06:00 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:06:37 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:08:22 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. Error - 6/29/2012 5:08:23 PM | Computer Name = Deacan | Source = Microsoft-Windows-DNS-Client | ID = 1012 Description = There was an error while attempting to read the local hosts file. < End of report >

I've got a virus labled as Trojan.Dropper.BCMiner as identified by Malwarebytes. I've read some other topics about this, and have tried to follow along with their steps, but couldn't seem to. Here is the log from my most recent scan, and I would appreciate any help i can get. Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Database version: v2012.07.03.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Hunter Roberts :: DEACAN [administrator] Protection: Enabled 7/3/2012 1:18:10 PM mbam-log-2012-07-03 (13-18-10).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 218313 Time elapsed: 1 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. (end)