Jump to content

Recommended Posts

This BCMINER trojan is proving most difficult to remove. Any help would be greatly appreciated!

Logs:

DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Hud at 8:52:14 on 2012-06-21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.3024 [GMT -8:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Users\Hud\Desktop\iexplore.exe

C:\Users\Hud\Desktop\iexplore.exe

C:\Users\Hud\Desktop\iexplore.exe

C:\Users\Hud\Desktop\iexplore.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mWinlogon: Userinit=userinit.exe,

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB: {37153479-1976-43C3-A1EE-557513977B64} - No File

uRunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files (x86)\Orbitdownloader\GrabPro.dll"

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75} : DhcpNameServer = 192.168.227.1

TCP: Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}\845746 : DhcpNameServer = 192.168.2.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File

TB-X64: {37153479-1976-43C3-A1EE-557513977B64} - No File

mRun-x64: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]

S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]

S2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

S2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-12-9 1128952]

S2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 257224]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

.

=============== Created Last 30 ================

.

2012-06-21 11:03:49 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-21 11:03:49 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-21 11:03:48 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-21 11:03:27 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-06-21 11:03:27 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-06-21 11:03:27 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-06-21 11:03:27 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-06-21 11:03:27 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-06-21 11:03:27 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-06-21 11:03:27 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-06-21 05:33:01 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-21 05:27:47 3213824 ----a-w- C:\Windows\System32\msi.dll

2012-06-21 05:27:47 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-21 04:51:26 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-21 04:50:27 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-06-21 04:49:32 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-06-21 04:49:32 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-06-21 04:49:31 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-06-21 04:49:31 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-06-21 04:49:31 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-06-21 03:35:13 -------- d-----w- C:\Program Files (x86)\ESET

2012-06-20 23:06:43 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-06-19 16:45:45 -------- d-----w- C:\Windows\en

2012-06-19 16:43:16 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-06-19 16:40:02 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\DSETUP.dll

2012-06-19 16:40:02 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\DXSETUP.exe

2012-06-19 16:40:02 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2c3dd9ad1cd4e3a03\dsetup32.dll

2012-06-19 02:43:57 -------- d-----w- C:\Users\Hud\AppData\Roaming\Moyea

2012-06-19 02:43:15 -------- d-----w- C:\Program Files (x86)\Moyea

.

==================== Find3M ====================

.

2012-06-20 23:04:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-20 23:04:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-04 23:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 8:53:22.78 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/27/2011 6:12:42 PM

System Uptime: 6/21/2012 8:29:50 AM (0 hours ago)

.

Motherboard: FOXCONN | | 2AB1

Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 918 GiB total, 864.805 GiB free.

D: is FIXED (NTFS) - 13 GiB total, 1.63 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP47: 4/15/2012 12:00:29 AM - Windows Backup

RP48: 4/20/2012 11:20:35 PM - HPSF Restore Point

RP49: 6/4/2012 2:10:20 PM - Windows Backup

RP50: 6/17/2012 1:08:43 PM - Windows Backup

RP51: 6/19/2012 8:40:14 AM - Windows Live Essentials

RP52: 6/19/2012 8:41:40 AM - Installed DirectX

RP53: 6/19/2012 8:41:58 AM - Installed DirectX

RP54: 6/19/2012 8:42:36 AM - WLSetup

RP55: 6/20/2012 10:00:46 PM - Restore Operation

RP56: 6/21/2012 3:00:15 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 ActiveX

Agatha Christie - Peril at End House

Bejeweled 2 Deluxe

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Coupon Printer for Windows

CyberLink DVD Suite Deluxe

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

DVD Menu Pack for HP MediaSmart Video

Escape Rosecliff Island

ESET Online Scanner v3

eSupport UndeletePlus 3.0.2.406

Farm Frenzy

FATE

Final Drive Nitro

FlipShare

Heroes of Hellas 2 - Olympia

Hewlett-Packard ACLM.NET v1.1.1.0

HP Customer Experience Enhancements

HP Game Console

HP Games

HP MediaSmart DVD

HP MediaSmart Music

HP MediaSmart Photo

HP MediaSmart Video

HP MediaSmart/TouchSmart Netflix

HP MovieStore

HP Odometer

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

Hulu Desktop

IrfanView (remove only)

Java Auto Updater

Java 6 Update 29

Jewel Quest Solitaire 2

Junk Mail filter update

Kobo

LabelPrint

LightScribe System Software

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Office 2010

Microsoft Office Excel 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Movie Theme Pack for HP MediaSmart Video

Mozilla Firefox 10.0.2 (x86 en-US)

MpcStar 5.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - The London Caper

Norton Online Backup

PC Inspector File Recovery

PDF Complete Special Edition

Penguins!

PhotoNow!

PictureMover

Plants vs. Zombies

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PowerDirector

PressReader

Ralink RT2860 Wireless LAN Card

Realtek High Definition Audio Driver

Recovery Manager

RoxioNow Player

Starcraft

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Script Editor Help (KB963671)

Virtual Families

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Wheel of Fortune 2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip 11.1

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/21/2012 8:30:49 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/21/2012 8:30:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/21/2012 8:30:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/21/2012 8:30:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/21/2012 8:30:20 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr Wanarpv6

6/21/2012 8:30:18 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

6/21/2012 8:30:18 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

6/21/2012 8:30:18 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/21/2012 8:18:46 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

6/21/2012 8:18:46 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

6/21/2012 3:09:27 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/20/2012 6:20:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

6/20/2012 10:30:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

6/20/2012 10:23:32 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

6/20/2012 10:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

6/20/2012 10:23:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

6/20/2012 10:22:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

6/20/2012 10:22:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

6/20/2012 1:54:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Hud-HP\Hud SID (S-1-5-21-3537228672-3584438683-667650786-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

6/20/2012 1:46:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

Link to post
Share on other sites

Additionally, here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Hud :: HUD-HP [administrator]

6/21/2012 8:32:26 AM

mbam-log-2012-06-21 (08-32-26).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 227789

Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Hello JHUD and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

Thanks for the response! I will post the logs:

OTL logfile created on: 6/21/2012 9:42:07 AM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Hud\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 74.13% Memory free

7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.16 Gb Total Space | 864.57 Gb Free Space | 94.16% Space Free | Partition Type: NTFS

Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 09:36:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe

PRC - [2012/01/08 13:05:33 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Users\Hud\Desktop\iexplore.exe

PRC - [2009/07/13 17:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE

========== Modules (No Company Name) ==========

MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/06/20 15:04:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)

SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2010/12/09 19:36:19 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/12/09 19:36:19 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/09/02 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/08/13 05:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/13 05:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/07/21 19:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:13:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 13:42:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 11:10:56 | 000,000,000 | ---D | M]

[2011/02/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Extensions

[2012/06/21 08:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\extensions

[2011/02/28 18:21:11 | 000,001,834 | ---- | M] () -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\searchplugins\bing.xml

[2012/01/29 14:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/02 10:13:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4

[2012/03/08 13:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/07/13 13:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2012/01/12 11:10:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 13:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/03/08 13:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/08 13:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKCU..\RunOnce: [DeleteGrabPro] C:\Windows\SysWow64\advpack.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75}: DhcpNameServer = 192.168.227.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell - "" = AutoRun

O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell\AutoRun\command - "" = K:\setup.exe -a

O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell - "" = AutoRun

O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/21 09:36:39 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe

[2012/06/21 09:28:32 | 004,563,474 | ---- | C] (Swearware) -- C:\Users\Hud\Desktop\ComboFix.exe

[2012/06/21 08:39:57 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Hud\Desktop\dds.scr

[2012/06/21 03:03:49 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/06/21 03:03:49 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/06/21 03:03:48 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/06/21 03:03:27 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/06/21 03:03:27 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/06/21 03:03:27 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/06/20 21:27:47 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/06/20 19:19:00 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Hud\Desktop\tdsskiller.exe

[2012/06/20 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/19 08:45:45 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/06/19 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/06/18 19:44:39 | 000,748,336 | ---- | C] (Microsoft Corporation) -- C:\Users\Hud\Desktop\iexplore.exe

[2012/06/18 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hud\Documents\Moyea

[2012/06/18 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hud\AppData\Roaming\Moyea

[2012/06/18 18:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/21 09:36:48 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe

[2012/06/21 09:30:42 | 004,563,474 | ---- | M] (Swearware) -- C:\Users\Hud\Desktop\ComboFix.exe

[2012/06/21 08:40:00 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Hud\Desktop\dds.scr

[2012/06/21 08:30:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/21 08:30:05 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/21 08:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/21 03:17:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/21 03:17:15 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/20 15:05:57 | 100,594,855 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/06/20 15:04:05 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/06/20 15:04:05 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/18 17:58:04 | 000,392,412 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/06/17 21:18:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/17 21:18:16 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/17 21:18:16 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/15 05:40:47 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Hud\Desktop\tdsskiller.exe

[2012/06/04 14:22:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHud.job

[2012/06/04 13:59:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenee.job

[2012/06/01 02:07:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUD-HP$.job

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 08:39:16 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@

[2012/06/20 21:16:31 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@

[2012/06/20 21:16:09 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@

[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@

[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@

[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@

[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@

[2012/06/16 17:05:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@

[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@

[2012/03/12 21:46:13 | 000,004,608 | ---- | C] () -- C:\Users\Hud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/22 13:35:21 | 000,013,902 | ---- | C] () -- C:\Windows\scunin.dat

[2010/12/09 19:38:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/12/09 18:56:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2010/12/09 18:42:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

< End of report >

OTL Extras logfile created on: 6/21/2012 9:42:07 AM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Hud\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.78 Gb Available Physical Memory | 74.13% Memory free

7.50 Gb Paging File | 6.69 Gb Available in Paging File | 89.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.16 Gb Total Space | 864.57 Gb Free Space | 94.16% Space Free | Partition Type: NTFS

Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011

"{64E6D73F-707A-4817-8C2F-5BA9CB4B9CD8}" = AVG 2011

"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"AVG" = AVG 2011

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish

"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio

"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista

"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English

"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation

"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian

"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German

"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare

"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese

"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update

"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish

"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian

"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ESET Online Scanner" = ESET Online Scanner v3

"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406

"EXCEL" = Microsoft Office Excel 2007

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"IrfanView" = IrfanView (remove only)

"Kobo" = Kobo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"MpcStar" = MpcStar 5.0

"My HP Game Console" = HP Game Console

"PDF Complete" = PDF Complete Special Edition

"Starcraft" = Starcraft

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WORD" = Microsoft Office Word 2007

"WT087328" = Blackhawk Striker 2

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087343" = Dora's World Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089299" = Mystery P.I. - The London Caper

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 3/21/2012 3:20:29 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/6/2012 11:04:12 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 4:00:23 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 4:00:29 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 4:41:07 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 4:41:13 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 4:41:15 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 5:08:31 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/21/2012 3:20:36 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/24/2012 1:51:18 AM | Computer Name = Hud-HP | Source = EventSystem | ID = 4621

Description =

Error - 5/9/2012 4:38:02 PM | Computer Name = Hud-HP | Source = Application Error | ID = 1000

Description = Faulting application name: wlmail.exe, version: 15.4.3502.922, time

stamp: 0x4c9b06aa Faulting module name: wlupdate.15.4.120.0.dll_unloaded, version:

0.0.0.0, time stamp: 0x4f59675f Exception code: 0xc0000005 Fault offset: 0x63cdcfa2

Faulting

process id: 0x1200 Faulting application start time: 0x01cd2e233dc2af51 Faulting application

path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe Faulting module path:

wlupdate.15.4.120.0.dll Report Id: def040c2-9a16-11e1-b62b-6431501fe695

[ System Events ]

Error - 6/11/2012 2:42:29 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/12/2012 12:25:28 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/12/2012 12:25:32 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/13/2012 11:45:41 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/13/2012 11:45:42 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 11:44:53 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 11:44:55 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 3:40:20 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 6:11:01 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2012 12:59:37 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >

Link to post
Share on other sites

Maniac,

Here are the corrected logs. Thanks again for your assistance!

TL logfile created on: 6/22/2012 9:09:49 AM - Run 1

OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Hud\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 67.69% Memory free

7.50 Gb Paging File | 6.15 Gb Available in Paging File | 81.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.16 Gb Total Space | 866.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS

Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/22 09:08:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe

PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe

PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe

PRC - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

PRC - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 19:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/05/11 07:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2012/06/20 15:04:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)

SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)

SRV - [2011/05/06 10:58:04 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/09/11 01:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/06/18 17:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 22:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)

DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2010/12/09 19:36:19 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/12/09 19:36:19 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/09/02 22:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/08/13 05:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)

DRV:64bit: - [2010/08/13 05:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)

DRV:64bit: - [2010/07/21 19:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2010/05/11 07:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/05/11 06:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/03/10 07:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)

DRV:64bit: - [2009/12/22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"

FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://search.orbitdownloader.com"

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 10:13:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/08 13:42:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/01/12 11:10:56 | 000,000,000 | ---D | M]

[2011/02/28 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Extensions

[2012/06/21 08:21:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\extensions

[2011/02/28 18:21:11 | 000,001,834 | ---- | M] () -- C:\Users\Hud\AppData\Roaming\Mozilla\Firefox\Profiles\znl4ylj3.default\searchplugins\bing.xml

[2012/01/29 14:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/02/02 10:13:55 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4

[2012/03/08 13:42:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/07/13 13:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2012/01/12 11:10:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 13:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/03/08 13:42:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/03/08 13:42:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.

O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [startCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..Trusted Domains: sony.com ([]* in Trusted sites)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D497BC6-8280-42DA-8D40-7989A4E29B75}: DhcpNameServer = 192.168.227.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5B30520-117F-4F84-8889-1BB8FECCA85F}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell - "" = AutoRun

O33 - MountPoints2\{60995f6d-67fb-11e1-b554-6431501fe695}\Shell\AutoRun\command - "" = K:\setup.exe -a

O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell - "" = AutoRun

O33 - MountPoints2\{939cd727-42df-11e0-be25-6431501fe695}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d82ba151-0422-11e0-8164-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/22 09:08:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe

[2012/06/20 19:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/06/20 15:06:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/19 08:45:45 | 000,000,000 | ---D | C] -- C:\Windows\en

[2012/06/19 08:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2012/06/18 18:46:43 | 000,000,000 | ---D | C] -- C:\Users\Hud\Documents\Moyea

[2012/06/18 18:43:57 | 000,000,000 | ---D | C] -- C:\Users\Hud\AppData\Roaming\Moyea

[2012/06/18 18:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Moyea

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/22 09:12:26 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/22 09:12:25 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/22 09:08:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Hud\Desktop\OTL.exe

[2012/06/22 09:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/22 09:04:24 | 3019,333,632 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/21 23:23:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/21 10:17:24 | 100,611,477 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/06/18 17:58:04 | 000,392,412 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/06/17 21:18:16 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/17 21:18:16 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/17 21:18:16 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/04 14:22:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHud.job

[2012/06/04 13:59:56 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForRenee.job

[2012/06/01 02:07:16 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForHUD-HP$.job

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@

[2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@

[2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@

[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@

[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@

[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@

[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@

[2012/06/16 17:05:16 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@

[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@

[2012/03/12 21:46:13 | 000,004,608 | ---- | C] () -- C:\Users\Hud\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/01/22 13:35:21 | 000,013,902 | ---- | C] () -- C:\Windows\scunin.dat

[2012/01/12 11:12:25 | 000,000,042 | ---- | C] () -- C:\Users\Hud\jagex_cl_runescape_LIVE.dat

[2012/01/12 11:12:25 | 000,000,024 | ---- | C] () -- C:\Users\Hud\random.dat

[2010/12/09 19:38:41 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/12/09 18:56:23 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat

[2010/12/09 18:42:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010/09/21 10:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/01/22 14:51:17 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Ascaron Entertainment

[2011/03/02 02:32:28 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\AVG10

[2011/02/27 17:20:30 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Blio

[2011/03/06 11:41:55 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\CometPlayer

[2011/02/27 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\GrabPro

[2012/06/20 23:12:29 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\IrfanView

[2012/06/18 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Moyea

[2012/06/21 08:21:19 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\Orbit

[2011/02/27 17:11:21 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\PictureMover

[2011/02/27 18:01:32 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\ProgSense

[2011/02/27 18:27:05 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\tigerplayer

[2011/12/05 19:27:16 | 000,000,000 | ---D | M] -- C:\Users\Hud\AppData\Roaming\WinBatch

[2011/03/26 07:13:31 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\AVG10

[2012/03/14 12:16:38 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Flip Video

[2012/06/20 23:12:28 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\IrfanView

[2012/01/12 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Orbit

[2011/02/27 20:23:59 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\PictureMover

[2011/02/28 11:33:11 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\ProgSense

[2011/02/27 20:25:50 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\TigerPlayer

[2011/02/28 11:34:57 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\WildTangent

[2011/07/26 07:35:32 | 000,000,000 | ---D | M] -- C:\Users\Renee\AppData\Roaming\Windows Live Writer

[2012/06/15 07:51:56 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/22/2012 9:09:49 AM - Run 1

OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Hud\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 67.69% Memory free

7.50 Gb Paging File | 6.15 Gb Available in Paging File | 81.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 918.16 Gb Total Space | 866.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS

Drive D: | 13.25 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: HUD-HP | User Name: Hud | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{61A3F855-4587-4187-9D77-2EF8CD825A47}" = AVG 2011

"{64E6D73F-707A-4817-8C2F-5BA9CB4B9CD8}" = AVG 2011

"{7C7A5A92-046C-A38C-AE0F-8F9CCA0F67A8}" = ATI Catalyst Install Manager

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A40F60B1-F1E1-452E-96A5-FF97F9A2D102}" = HP MediaSmart SmartMenu

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{FD9560A8-CB02-1F28-CB9C-487244A28A8B}" = ccc-utility64

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit

"AVG" = AVG 2011

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0655C185-FD48-5EBA-484A-CD530291F44D}" = CCC Help Hungarian

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BF71387-5AFD-F71B-7353-3AEBD3E8F5F3}" = Catalyst Control Center Graphics Full Existing

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{0E1C256F-6B90-E5A5-F62E-5DAE1AEAE294}" = ccc-core-static

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1B01541D-B1B8-8B7E-E82B-70551A1AF961}" = CCC Help Chinese Standard

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{22139F5D-9405-455A-BDEB-658B1A4E4861}" = Catalyst Control Center - Branding

"{26070CDA-A7C5-2114-0533-38DE06C65E7F}" = CCC Help Polish

"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover

"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java 6 Update 29

"{2726B6FF-D8F9-8F29-2A7D-8192AAE79D3F}" = Catalyst Control Center Localization All

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2EA3D6B2-157E-4112-A3AB-BF17E16661C3}" = HP MediaSmart/TouchSmart Netflix

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{3088B508-7EE1-EC64-4FFD-C4901378CE7D}" = CCC Help Russian

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3778B802-8E2C-04B0-2C1B-7C2A8F981824}" = CCC Help Finnish

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software

"{48CA048A-3C5B-391E-7FF0-F36F434CB1B6}" = CCC Help Thai

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio

"{52CD3425-C5E8-C49D-B776-AC85F018C0F6}" = Catalyst Control Center Graphics Previews Vista

"{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{597CE475-4F62-89EE-A81E-DB509DA0CBB2}" = CCC Help English

"{5E7A925A-CCE1-4ED5-A0DD-4A821A3F9BC2}" = Catalyst Control Center Core Implementation

"{674DAE26-3C3C-2D20-1BB4-82B380142E78}" = CCC Help Greek

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A9EF47E-D49A-2EFC-20A1-A92DE7F826DF}" = CCC Help Czech

"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7A9C67EF-05A8-499F-56A2-C467A4FE6DEE}" = CCC Help Italian

"{7DA0C5CE-9817-CDB2-F061-F72D0CB6EEB3}" = CCC Help German

"{7DB63154-92A4-12AE-364F-DE9C7B459720}" = CCC Help Spanish

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2A81D8-AABF-673B-08BE-EF7A80295F14}" = CCC Help French

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{912CED74-88D3-4C5B-ACB0-13231864975E}" = PressReader

"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{97C658D2-61FB-027F-0D76-E9CDC84AFEC7}" = FlipShare

"{981F6BCD-252E-6A64-9C6D-4E3B10B1B126}" = Catalyst Control Center InstallProxy

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7CEA571-43AC-95FE-4F08-22C401FC2824}" = CCC Help Japanese

"{A826CCC4-C0BA-97B4-F1DB-E68CD45D1133}" = CCC Help Danish

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC9A3F48-8936-40CD-A0B2-7CFA76906143}" = Catalyst Control Center Graphics Full New

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{B68D391C-32C6-798E-C78F-83C1797B162A}" = CCC Help Swedish

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DC47D46D-8874-D83A-6612-9DA3175861B2}" = CCC Help Korean

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update

"{DF09BCD9-3556-77A6-8984-1CA95F8E1078}" = CCC Help Portuguese

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0DE2996-A443-5FEA-30B7-9395E0F3A7CC}" = CCC Help Chinese Traditional

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EDFA892D-594D-C921-35FF-B6E5CFD2487C}" = CCC Help Dutch

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F56BBEB1-E982-0A07-0004-1CBC8E5B534E}" = CCC Help Turkish

"{F600ED39-BA0C-A127-EAB7-057DF0A327E0}" = CCC Help Norwegian

"{F84B7A2F-2328-A610-89F6-2CC78CF00FFE}" = Catalyst Control Center Graphics Light

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows

"ESET Online Scanner" = ESET Online Scanner v3

"eSupport UndeletePlus_is1" = eSupport UndeletePlus 3.0.2.406

"EXCEL" = Microsoft Office Excel 2007

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo

"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"IrfanView" = IrfanView (remove only)

"Kobo" = Kobo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)

"MpcStar" = MpcStar 5.0

"My HP Game Console" = HP Game Console

"PDF Complete" = PDF Complete Special Edition

"Starcraft" = Starcraft

"WildTangent hp Master Uninstall" = HP Games

"WinLiveSuite" = Windows Live Essentials

"WORD" = Microsoft Office Word 2007

"WT087328" = Blackhawk Striker 2

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087343" = Dora's World Adventure

"WT087360" = Escape Rosecliff Island

"WT087361" = FATE

"WT087362" = Final Drive Nitro

"WT087372" = Heroes of Hellas 2 - Olympia

"WT087379" = Jewel Quest Solitaire 2

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087414" = Virtual Families

"WT087415" = Wheel of Fortune 2

"WT087428" = Bejeweled 2 Deluxe

"WT087453" = Chuzzle Deluxe

"WT087501" = Plants vs. Zombies

"WT087533" = Zuma Deluxe

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089299" = Mystery P.I. - The London Caper

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/15/2012 4:41:15 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/15/2012 5:08:31 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/21/2012 3:20:36 AM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 4/24/2012 1:51:18 AM | Computer Name = Hud-HP | Source = EventSystem | ID = 4621

Description =

Error - 5/9/2012 4:38:02 PM | Computer Name = Hud-HP | Source = Application Error | ID = 1000

Description = Faulting application name: wlmail.exe, version: 15.4.3502.922, time

stamp: 0x4c9b06aa Faulting module name: wlupdate.15.4.120.0.dll_unloaded, version:

0.0.0.0, time stamp: 0x4f59675f Exception code: 0xc0000005 Fault offset: 0x63cdcfa2

Faulting

process id: 0x1200 Faulting application start time: 0x01cd2e233dc2af51 Faulting application

path: C:\Program Files (x86)\Windows Live\Mail\wlmail.exe Faulting module path:

wlupdate.15.4.120.0.dll Report Id: def040c2-9a16-11e1-b62b-6431501fe695

Error - 6/4/2012 6:10:13 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 6/4/2012 6:10:20 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 6/4/2012 6:32:22 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 6/4/2012 6:32:27 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 6/4/2012 6:32:29 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

Error - 6/4/2012 6:54:48 PM | Computer Name = Hud-HP | Source = VSS | ID = 8193

Description =

[ System Events ]

Error - 6/11/2012 2:42:29 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/12/2012 12:25:28 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/12/2012 12:25:32 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/13/2012 11:45:41 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/13/2012 11:45:42 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 11:44:53 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 11:44:55 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 3:40:20 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/14/2012 6:11:01 PM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 6/15/2012 12:59:37 AM | Computer Name = Hud-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR1.

< End of report >

Link to post
Share on other sites

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
    [2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@
    [2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@
    [2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@
    [2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@
    [2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@
    [2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@
    [2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@
    [2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@
    [2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@

    :files
    C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}
    C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

Link to post
Share on other sites

Maniac,

I was finally able to get back to this site. The redirects were preventing me from doing so until now. Here are the logs:

All processes killed

Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFIE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDFO3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.[2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@[2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windo> in the current context!

Error: Unable to interpret <ws\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@[2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@:filesC:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}C:\Users\Hud\AppData\Local\{867c9da7> in the current context!

Error: Unable to interpret <-cc7e-73cf-70e4-e539ad2b5b89}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.51.0 log created on 06252012_120002

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Hud :: HUD-HP [administrator]

6/25/2012 1:19:33 PM

mbam-log-2012-06-25 (13-19-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 228052

Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Your script was not activated. Every entrie should be on a new line. Your script in OTL should looks like this:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
O3 - HKU\S-1-5-21-3537228672-3584438683-667650786-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
[2012/06/21 10:11:54 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@
[2012/06/20 21:16:31 | 000,088,064 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@
[2012/06/20 21:16:09 | 000,081,408 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@
[2012/06/20 21:14:30 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@
[2012/06/20 14:56:19 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@
[2012/06/20 14:54:50 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@
[2012/06/20 14:54:50 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@
[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@
[2012/04/02 12:45:20 | 000,002,048 | -HS- | C] () -- C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@

:files
C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}
C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

Please repeat both steps.

Link to post
Share on other sites

Done. AVG Shield is still popping up with dropper warning. Here are the logs again:

All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry value HKEY_USERS\S-1-5-21-3537228672-3584438683-667650786-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000008.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000032.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000064.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\80000000.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L\00000004.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\00000004.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U\000000cb.@ not found.

File C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ not found.

File C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\@ not found.

========== FILES ==========

C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U folder moved successfully.

C:\Windows\Installer\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89} folder moved successfully.

C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\U folder moved successfully.

C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89}\L folder moved successfully.

C:\Users\Hud\AppData\Local\{867c9da7-cc7e-73cf-70e4-e539ad2b5b89} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Hud\Desktop\cmd.bat deleted successfully.

C:\Users\Hud\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Hud

->Temp folder emptied: 2444171 bytes

->Temporary Internet Files folder emptied: 227652975 bytes

->Java cache emptied: 11937648 bytes

->FireFox cache emptied: 63243462 bytes

->Flash cache emptied: 42126 bytes

User: Public

User: Renee

->Temp folder emptied: 302170741 bytes

->Temporary Internet Files folder emptied: 67651920 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 244736992 bytes

->Flash cache emptied: 100173 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 50605 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 5293332 bytes

Total Files Cleaned = 883.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.51.0 log created on 06252012_143021

Files\Folders moved on Reboot...

C:\Users\Hud\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.20.07

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Hud :: HUD-HP [administrator]

6/25/2012 2:37:56 PM

mbam-log-2012-06-25 (14-37-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223861

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

My apologies. Step two re-accomplished:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.25.10

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Hud :: HUD-HP [administrator]

6/25/2012 4:59:27 PM

mbam-log-2012-06-25 (16-59-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 224793

Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Thanks!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Link to post
Share on other sites
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.