I am in need of removing BcMiner. Although I ran the scan and restarted my computer, it is still there.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Logan at 22:52:10 on 2012-06-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.10220.7840 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\IDT\WDM\beats64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe

C:\Users\Logan\AppData\Local\Apps\2.0\VLZPKW0P.9DK\QL4XEQEV.76A\curs..tion_eee711038731a406_0004.0000_d322ecea565577c8\CurseClient.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [Facebook Update] "C:\Users\Logan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe

mRun: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DEVICE~1.LNK - C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 216.134.160.6 216.134.160.13

TCP: Interfaces\{235E6ACB-91FD-4850-90F5-BDDBF807D0C4} : DhcpNameServer = 216.134.160.6 216.134.160.13

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

mRun-x64: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe

mRun-x64: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll

FF - plugin: C:\Users\Logan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc -

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2011-7-20 945200]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2011-7-20 463408]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-20 89600]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe [2012-6-11 130008]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-20 1127448]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-20 2656280]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-20 132656]

R3 HCW723x;Hauppauge WinTV 723x PCIe Card;C:\Windows\system32\DRIVERS\HCW723x.sys --> C:\Windows\system32\DRIVERS\HCW723x.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 tihub3;TI USB3 Hub Service;C:\Windows\system32\drivers\tihub3.sys --> C:\Windows\system32\drivers\tihub3.sys [?]

R3 tixhci;TI XHCI Service;C:\Windows\system32\drivers\tixhci.sys --> C:\Windows\system32\drivers\tixhci.sys [?]

S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/20 17:06:30;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-23 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257224]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-23 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-29 04:59:55 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-29 02:32:50 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-06-28 22:00:51 -------- d-----w- C:\Users\Logan\AppData\Local\{5A5B9A93-DAE1-4ACF-BBED-053FF2E1B583}

2012-06-28 22:00:42 -------- d-----w- C:\Users\Logan\AppData\Local\{8B92C04F-9D27-475A-B59C-C9234554354E}

2012-06-26 16:44:16 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8995ACC-2628-4EA5-8ED2-F915468E2E1B}\mpengine.dll

2012-06-24 17:04:09 -------- d-----w- C:\Users\Logan\AppData\Local\{C0015FE9-7F7D-400D-ACC4-71B4A456C315}

2012-06-24 17:03:59 -------- d-----w- C:\Users\Logan\AppData\Local\{73644B39-D348-4613-8FDE-D2E6959CFC13}

2012-06-23 18:56:59 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared

2012-06-23 18:56:51 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-06-23 18:56:51 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-06-23 17:00:14 -------- d-----w- C:\Users\Logan\AppData\Local\Real

2012-06-23 16:59:09 -------- d-----w- C:\Users\Logan\AppData\Local\Google

2012-06-23 06:17:52 -------- d-----w- C:\Users\Logan\AppData\Local\Macromedia

2012-06-22 23:15:34 -------- d-----w- C:\Users\Logan\AppData\Local\{368EB99F-55DA-4986-811B-6266748B9C80}

2012-06-22 23:15:25 -------- d-----w- C:\Users\Logan\AppData\Local\{1ECAA16A-D024-460D-9E67-7EAD00666125}

2012-06-22 16:40:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 16:39:40 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 16:39:27 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 16:39:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 23:06:10 -------- d-----w- C:\Users\Logan\AppData\Local\{3D826977-360F-4B4B-BEFD-4A4F221FA3B3}

2012-06-21 23:06:00 -------- d-----w- C:\Users\Logan\AppData\Local\{CEF56B90-3473-4EA1-9029-08B03034E086}

2012-06-20 03:40:24 -------- d-----w- C:\Users\Logan\AppData\Local\{40FD6BE8-78F3-4275-9128-AF1D4255BE78}

2012-06-20 03:40:14 -------- d-----w- C:\Users\Logan\AppData\Local\{4B591A44-EB82-43FD-9AC0-5341FBF7950A}

2012-06-16 19:05:52 -------- d-----w- C:\Users\Logan\AppData\Local\{A9936D5E-3158-4A21-B218-780BF0364126}

2012-06-14 22:19:58 -------- d-----w- C:\Users\Logan\AppData\Local\{4B2AD133-B4B1-43E0-AD87-DA8C719EDD4E}

2012-06-14 22:19:48 -------- d-----w- C:\Users\Logan\AppData\Local\{4F7F007E-AE61-4157-A7B8-DFD57911F34C}

2012-06-13 18:00:42 -------- d-----w- C:\Users\Logan\AppData\Local\{24C50ECA-397B-4059-94D4-F4A73425A5DE}

2012-06-13 18:00:32 -------- d-----w- C:\Users\Logan\AppData\Local\{1610EB2C-52C7-48F6-BC6C-298F83CD0DF3}

2012-06-11 22:08:53 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys

2012-06-11 22:08:53 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys

2012-06-11 22:08:53 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys

2012-06-11 22:08:53 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys

2012-06-11 22:08:53 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys

2012-06-11 22:08:53 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys

2012-06-11 22:08:47 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003

2012-06-11 16:23:25 -------- d-----w- C:\Users\Logan\AppData\Local\{C6666F80-0D80-4DEA-9C70-81538BED66F5}

2012-06-11 16:23:16 -------- d-----w- C:\Users\Logan\AppData\Local\{314E50F9-B5DA-4F90-B2AA-C05B950F4098}

2012-06-09 20:09:38 -------- d-----w- C:\Users\Logan\AppData\Local\{E9BD5FFA-B3D8-469D-831E-DD88A3D5BA82}

2012-06-09 20:09:28 -------- d-----w- C:\Users\Logan\AppData\Local\{4A8D2408-7C91-4591-AB47-8CB1A243F3F3}

2012-06-08 19:32:32 -------- d-----w- C:\Users\Logan\AppData\Local\{2F0467CB-6400-4081-ACCD-9F4EB1A3D5A3}

2012-06-08 19:32:23 -------- d-----w- C:\Users\Logan\AppData\Local\{D12A4357-B181-4863-9916-8DDE94957272}

2012-06-07 16:38:49 -------- d-----w- C:\Users\Logan\AppData\Local\{CCF2085C-865B-4EDD-834B-0DF72135F0A0}

2012-06-07 16:38:39 -------- d-----w- C:\Users\Logan\AppData\Local\{D19D88FB-883A-4D00-BED8-3B21AB50BF5F}

2012-06-07 04:56:41 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-07 04:56:41 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-07 04:07:17 -------- d-----w- C:\Users\Logan\AppData\Local\{08C6CC9F-569F-4159-AD05-985442E10FBE}

2012-06-07 04:07:07 -------- d-----w- C:\Users\Logan\AppData\Local\{D8325C60-0337-46EA-826F-C2E7FD1D7FD1}

2012-06-03 07:16:46 -------- d-----w- C:\Users\Logan\AppData\Local\{03C06388-0CEA-47B4-BA59-D6A8233452BF}

2012-06-03 07:16:36 -------- d-----w- C:\Users\Logan\AppData\Local\{37073567-46D1-4F6B-B1DE-A1A6FFCCF122}

.

==================== Find3M ====================

.

2012-06-29 04:59:48 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-29 01:40:42 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-29 01:40:42 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-28 21:03:51 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-28 21:03:51 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-28 21:03:15 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-15 10:48:00 949056 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:45 2621723 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 22:52:27.43 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 10/28/2011 3:24:20 PM

System Uptime: 6/28/2012 10:09:12 PM (0 hours ago)

.

Motherboard: PEGATRON CORPORATION | | 2AB5

Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1386 GiB total, 1260.894 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.421 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP106: 6/22/2012 9:39:06 AM - Windows Update

RP107: 6/26/2012 9:43:40 AM - Windows Update

RP108: 6/28/2012 9:58:52 PM - Installed Java 6 Update 33

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Agatha Christie - Peril at End House

Apple Application Support

Apple Software Update

Audacity 2.0

Battlefield 3™

Battlelog Web Plugins

Bejeweled 2 Deluxe

Bejeweled 3

Blackhawk Striker 2

Blasterball 3

Blio

Bounce Symphony

Build-a-lot 2

Cake Mania

Canon IJ Network Scanner Selector EX

Canon IJ Network Tool

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MX880 series User Registration

Chuzzle Deluxe

Counter-Strike: Source

Curse Client

CyberLink PowerDVD 10

D3DX10

Diner Dash 2 Restaurant Rescue

Dora's World Adventure

ESN Sonar

Everio MediaBrowser 3

Facebook Video Calling 1.2.0.159

Farm Frenzy

FATE - The Traitor Soul

Fraps (remove only)

GIMP 2.6.11

Google Chrome

Google Update Helper

Hewlett-Packard ACLM.NET v1.1.2.0

HP Customer Experience Enhancements

HP Games

HP Keyboard

HP LinkUp

HP MediaSmart/TouchSmart Netflix

HP MovieStore

HP Odometer

HP Remote Solution

HP Setup

HP Setup Manager

HP Support Assistant

HP Support Information

HP Update

Hulu Desktop

IDT Audio

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 33

Junk Mail filter update

Kobo

LabelPrint

Mah Jong Medley

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery P.I. - Stolen in San Francisco

Namco All-Stars PAC-MAN

Norton Internet Security

Norton Online Backup

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

Pando Media Booster

PDF Complete Special Edition

Penguins!

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

PressReader

PunkBuster Services

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Recovery Manager

Remote Graphics Receiver

RoxioNow Player

SaveVid Plug-in

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.5

Slingo Supreme

Steam

System Requirements Lab

TuxGuitar

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

Wheel of Fortune 2

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Tanks v.0.6.7

World of Warcraft

Zinio Reader 4

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/28/2012 10:10:03 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

6/28/2012 10:10:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

6/28/2012 10:09:44 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

6/28/2012 10:09:44 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

6/28/2012 10:09:40 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

.

==== End Of File ===========================


Hello Oregon503! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall µTorrent, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL logfile created on: 6/29/2012 3:17:09 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Logan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.98 Gb Total Physical Memory | 8.17 Gb Available Physical Memory | 81.89% Memory free

19.96 Gb Paging File | 17.45 Gb Available in Paging File | 87.42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1385.55 Gb Total Space | 1258.86 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

Drive D: | 11.62 Gb Total Space | 1.42 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: LOGAN-HP | User Name: Logan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 15:13:37 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Logan\Downloads\OTL.exe

PRC - [2012/06/23 11:56:51 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

PRC - [2012/06/16 12:03:00 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/02/14 18:40:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011/11/04 10:51:12 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe

PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe

PRC - [2011/02/01 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2010/11/23 20:31:24 | 002,069,504 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe

PRC - [2010/09/09 15:38:16 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

PRC - [2010/09/06 12:23:52 | 000,542,064 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\MBCameraMonitor.exe

PRC - [2010/07/27 02:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe

PRC - [2009/08/24 19:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe

PRC - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/16 12:03:00 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2012/05/15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

MOD - [2011/11/04 10:51:12 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 20:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2009/02/27 19:13:04 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\ModLEDKey.exe

MOD - [2009/02/19 17:22:50 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\WMINPUT.dll

MOD - [2004/09/09 17:13:00 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\Everio MediaBrowser 3\pxl_m17n_tool.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/26 10:52:00 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/03/02 11:42:00 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012/06/28 18:40:42 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/20 09:36:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/06/16 12:03:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/05/15 03:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/02/14 18:40:41 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)

SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)

SRV - [2011/02/01 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/02/01 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)

SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/07/27 02:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/18 10:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/28 15:22:43 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/20 18:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)

DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/22 10:00:28 | 000,382,024 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)

DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/26 22:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207020.003\ironx64.sys -- (SymIRON)

DRV:64bit: - [2011/01/26 10:52:00 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/01/17 22:22:36 | 000,125,552 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)

DRV:64bit: - [2010/12/28 12:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/05 11:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/04 21:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)

DRV:64bit: - [2010/10/19 04:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2009/12/15 18:53:20 | 001,799,552 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW723x.sys -- (HCW723x)

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2011/03/04 01:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\ex64.sys -- (NAVEX15)

DRV - [2011/03/04 01:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/03/04 01:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2011/03/04 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110304.002\eng64.sys -- (NAVENG)

DRV - [2010/08/08 20:11:49 | 000,945,200 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys -- (BHDrvx64)

DRV - [2010/06/26 21:05:05 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys -- (IDSVia64)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{54AD39B9-8197-4F03-A40E-FFBDEB176E27}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKLM\..\SearchScopes\{54AD39B9-8197-4F03-A40E-FFBDEB176E27}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{54AD39B9-8197-4F03-A40E-FFBDEB176E27}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1

IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll File not found

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Logan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/11/01 07:47:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_9_4 [2012/06/29 08:24:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 12:03:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 12:03:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/28 14:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Logan\AppData\Roaming\Mozilla\Extensions

[2012/05/30 16:47:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions

[2012/05/30 16:47:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2012/06/28 21:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/28 21:59:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

[2012/06/16 12:03:00 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/02/18 09:47:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/18 09:47:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Logan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll

CHR - Extension: uTorrentBar = C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\

CHR - Extension: YouTube = C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Gmail = C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)

O4:64bit: - HKLM..\Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )

O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bATINDICATOR] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe File not found

O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)

O4 - HKLM..\Run: [iJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)

O4 - HKLM..\Run: [LaunchHPOSIAPP] C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\LaunchApp.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)

O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2403722706-734991845-1093604984-1000..\Run: [Facebook Update] C:\Users\Logan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-2403722706-734991845-1093604984-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-2403722706-734991845-1093604984-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-2403722706-734991845-1093604984-1004..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2403722706-734991845-1093604984-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Logan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()

O8 - Extra context menu item: Save video on Savevid.com - C:\Program Files (x86)\Savevid\redirect.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.134.160.6 216.134.160.13

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{235E6ACB-91FD-4850-90F5-BDDBF807D0C4}: DhcpNameServer = 216.134.160.6 216.134.160.13

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 22:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/06/28 21:59:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/06/28 21:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/06/28 19:32:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/28 15:00:51 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{5A5B9A93-DAE1-4ACF-BBED-053FF2E1B583}

[2012/06/28 15:00:42 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{8B92C04F-9D27-475A-B59C-C9234554354E}

[2012/06/24 10:04:09 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{C0015FE9-7F7D-400D-ACC4-71B4A456C315}

[2012/06/24 10:03:59 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{73644B39-D348-4613-8FDE-D2E6959CFC13}

[2012/06/23 11:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012/06/23 11:56:52 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/06/23 11:56:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012/06/23 10:00:14 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\Real

[2012/06/23 09:59:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/06/23 09:59:09 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\Google

[2012/06/23 09:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/06/22 23:17:52 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\Macromedia

[2012/06/22 16:15:34 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{368EB99F-55DA-4986-811B-6266748B9C80}

[2012/06/22 16:15:25 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{1ECAA16A-D024-460D-9E67-7EAD00666125}

[2012/06/21 16:06:10 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{3D826977-360F-4B4B-BEFD-4A4F221FA3B3}

[2012/06/21 16:06:00 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{CEF56B90-3473-4EA1-9029-08B03034E086}

[2012/06/19 20:40:24 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{40FD6BE8-78F3-4275-9128-AF1D4255BE78}

[2012/06/19 20:40:14 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{4B591A44-EB82-43FD-9AC0-5341FBF7950A}

[2012/06/16 12:05:52 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{A9936D5E-3158-4A21-B218-780BF0364126}

[2012/06/14 15:19:58 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{4B2AD133-B4B1-43E0-AD87-DA8C719EDD4E}

[2012/06/14 15:19:48 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{4F7F007E-AE61-4157-A7B8-DFD57911F34C}

[2012/06/13 11:00:42 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{24C50ECA-397B-4059-94D4-F4A73425A5DE}

[2012/06/13 11:00:32 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{1610EB2C-52C7-48F6-BC6C-298F83CD0DF3}

[2012/06/11 09:23:25 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{C6666F80-0D80-4DEA-9C70-81538BED66F5}

[2012/06/11 09:23:16 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{314E50F9-B5DA-4F90-B2AA-C05B950F4098}

[2012/06/09 13:09:38 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{E9BD5FFA-B3D8-469D-831E-DD88A3D5BA82}

[2012/06/09 13:09:28 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{4A8D2408-7C91-4591-AB47-8CB1A243F3F3}

[2012/06/08 12:32:32 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{2F0467CB-6400-4081-ACCD-9F4EB1A3D5A3}

[2012/06/08 12:32:23 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{D12A4357-B181-4863-9916-8DDE94957272}

[2012/06/07 09:38:49 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{CCF2085C-865B-4EDD-834B-0DF72135F0A0}

[2012/06/07 09:38:39 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{D19D88FB-883A-4D00-BED8-3B21AB50BF5F}

[2012/06/06 21:07:17 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{08C6CC9F-569F-4159-AD05-985442E10FBE}

[2012/06/06 21:07:07 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{D8325C60-0337-46EA-826F-C2E7FD1D7FD1}

[2012/06/03 00:16:46 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{03C06388-0CEA-47B4-BA59-D6A8233452BF}

[2012/06/03 00:16:36 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Local\{37073567-46D1-4F6B-B1DE-A1A6FFCCF122}

[2012/06/01 13:10:55 | 000,000,000 | ---D | C] -- C:\Users\Logan\AppData\Roaming\WinRAR

[2012/06/01 13:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/29 15:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/29 15:09:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/29 15:04:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/29 13:17:32 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2403722706-734991845-1093604984-1000UA.job

[2012/06/29 10:09:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/29 08:33:06 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 08:33:06 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 08:24:15 | 3742,613,503 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/28 21:50:03 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2403722706-734991845-1093604984-1000Core.job

[2012/06/28 18:55:18 | 000,468,110 | ---- | M] () -- C:\Users\Logan\Desktop\bike.jpg

[2012/06/28 15:12:04 | 000,181,278 | ---- | M] () -- C:\Users\Logan\Desktop\snap.png

[2012/06/28 14:19:30 | 038,854,067 | ---- | M] () -- C:\Users\Logan\Desktop\04076.wmv

[2012/06/28 14:16:41 | 013,213,659 | ---- | M] () -- C:\Users\Logan\Desktop\04075.wmv

[2012/06/28 14:15:48 | 013,813,671 | ---- | M] () -- C:\Users\Logan\Desktop\04072.wmv

[2012/06/28 14:14:25 | 023,413,821 | ---- | M] () -- C:\Users\Logan\Desktop\04070.wmv

[2012/06/28 14:13:06 | 038,910,067 | ---- | M] () -- C:\Users\Logan\Desktop\04069.wmv

[2012/06/28 14:11:12 | 016,781,719 | ---- | M] () -- C:\Users\Logan\Desktop\04068.wmv

[2012/06/28 14:10:08 | 040,750,097 | ---- | M] () -- C:\Users\Logan\Desktop\04066.wmv

[2012/06/28 14:07:35 | 032,733,971 | ---- | M] () -- C:\Users\Logan\Desktop\04065.wmv

[2012/06/28 14:05:28 | 023,589,827 | ---- | M] () -- C:\Users\Logan\Desktop\04064.wmv

[2012/06/28 14:03:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/06/28 14:03:51 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/06/28 14:03:15 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/06/28 13:59:35 | 045,334,175 | ---- | M] () -- C:\Users\Logan\Desktop\04051.wmv

[2012/06/28 13:56:41 | 055,350,331 | ---- | M] () -- C:\Users\Logan\Desktop\04049.wmv

[2012/06/28 13:47:20 | 013,589,671 | ---- | M] () -- C:\Users\Logan\Desktop\04042.wmv

[2012/06/25 15:13:50 | 000,008,207 | ---- | M] () -- C:\Users\Logan\.recently-used.xbel

[2012/06/23 11:57:04 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2012/06/23 11:56:52 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012/06/23 10:09:40 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/06/23 09:59:24 | 000,002,241 | ---- | M] () -- C:\Users\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/22 09:40:27 | 001,541,886 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207020.003\Cat.DB

[2012/06/21 21:55:58 | 000,251,929 | ---- | M] () -- C:\Users\Logan\Documents\how to.wma

[2012/06/19 20:25:56 | 099,071,039 | ---- | M] () -- C:\Users\Logan\Desktop\03995.wmv

[2012/06/19 14:44:57 | 000,203,915 | ---- | M] () -- C:\Users\Logan\Desktop\top comment.JPG

[2012/06/16 21:52:57 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLogan.job

[2012/06/13 20:55:02 | 000,001,439 | ---- | M] () -- C:\Users\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/06/13 20:51:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/06/13 20:51:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/06/13 19:22:26 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/13 18:33:11 | 000,793,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/13 18:33:11 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/13 18:33:11 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/13 15:33:14 | 120,543,375 | ---- | M] () -- C:\Users\Logan\Desktop\03886.wmv

[2012/06/13 15:25:49 | 097,879,009 | ---- | M] () -- C:\Users\Logan\Desktop\colatera.wmv

[2012/06/12 21:08:22 | 223,313,007 | ---- | M] () -- C:\Users\Logan\Desktop\03866.wmv

[2012/06/12 16:13:01 | 034,069,995 | ---- | M] () -- C:\Users\Logan\Desktop\03852.wmv

[2012/06/12 09:58:12 | 010,869,623 | ---- | M] () -- C:\Users\Logan\Desktop\03847.wmv

[2012/06/12 09:57:28 | 096,294,985 | ---- | M] () -- C:\Users\Logan\Desktop\03846.wmv

[2012/06/12 09:48:37 | 036,694,037 | ---- | M] () -- C:\Users\Logan\Desktop\03831.wmv

[2012/06/12 09:37:14 | 054,326,313 | ---- | M] () -- C:\Users\Logan\Desktop\03790.wmv

[2012/06/09 20:34:13 | 000,277,292 | ---- | M] () -- C:\Users\Logan\Desktop\background.jpg

[2012/06/09 17:42:38 | 000,015,078 | ---- | M] () -- C:\Users\Logan\Desktop\Tank Parts.wlmp

[2012/06/09 14:27:19 | 008,698,702 | ---- | M] () -- C:\Users\Logan\Desktop\03 Set Me Free (Original Mix) Feat. Susana Villarreal.mp3

[2012/06/09 14:13:51 | 008,531,517 | ---- | M] () -- C:\Users\Logan\Desktop\01 Take It (Original Mix).mp3

[2012/06/09 14:13:28 | 007,937,979 | ---- | M] () -- C:\Users\Logan\Desktop\02 How We Live (Original Mix) Feat. Raiser Torres.mp3

[2012/06/08 20:15:15 | 003,662,190 | ---- | M] () -- C:\Users\Logan\Desktop\Shinedown - Devour (Official Music Video).mp3

[2012/06/07 19:08:38 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207020.003\isolate.ini

[2012/06/01 13:10:55 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\WinRAR.lnk

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 08:54:40 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\00000008.@

[2012/06/28 18:55:17 | 000,468,110 | ---- | C] () -- C:\Users\Logan\Desktop\bike.jpg

[2012/06/28 18:40:16 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000064.@

[2012/06/28 18:40:16 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\L\00000004.@

[2012/06/28 18:40:15 | 000,088,576 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000032.@

[2012/06/28 18:40:15 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000000.@

[2012/06/28 18:40:14 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\00000004.@

[2012/06/28 18:40:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\000000cb.@

[2012/06/28 15:12:04 | 000,181,278 | ---- | C] () -- C:\Users\Logan\Desktop\snap.png

[2012/06/28 14:16:41 | 038,854,067 | ---- | C] () -- C:\Users\Logan\Desktop\04076.wmv

[2012/06/28 14:15:48 | 013,213,659 | ---- | C] () -- C:\Users\Logan\Desktop\04075.wmv

[2012/06/28 14:15:04 | 013,813,671 | ---- | C] () -- C:\Users\Logan\Desktop\04072.wmv

[2012/06/28 14:13:07 | 023,413,821 | ---- | C] () -- C:\Users\Logan\Desktop\04070.wmv

[2012/06/28 14:11:13 | 038,910,067 | ---- | C] () -- C:\Users\Logan\Desktop\04069.wmv

[2012/06/28 14:10:09 | 016,781,719 | ---- | C] () -- C:\Users\Logan\Desktop\04068.wmv

[2012/06/28 14:07:35 | 040,750,097 | ---- | C] () -- C:\Users\Logan\Desktop\04066.wmv

[2012/06/28 14:05:29 | 032,733,971 | ---- | C] () -- C:\Users\Logan\Desktop\04065.wmv

[2012/06/28 14:03:39 | 023,589,827 | ---- | C] () -- C:\Users\Logan\Desktop\04064.wmv

[2012/06/28 13:56:41 | 045,334,175 | ---- | C] () -- C:\Users\Logan\Desktop\04051.wmv

[2012/06/28 13:53:31 | 055,350,331 | ---- | C] () -- C:\Users\Logan\Desktop\04049.wmv

[2012/06/28 13:46:26 | 013,589,671 | ---- | C] () -- C:\Users\Logan\Desktop\04042.wmv

[2012/06/25 15:13:50 | 000,008,207 | ---- | C] () -- C:\Users\Logan\.recently-used.xbel

[2012/06/23 11:57:04 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk

[2012/06/23 09:59:24 | 000,002,342 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/06/23 09:59:24 | 000,002,241 | ---- | C] () -- C:\Users\Logan\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/06/23 09:59:14 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/23 09:59:13 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/21 21:55:58 | 000,251,929 | ---- | C] () -- C:\Users\Logan\Documents\how to.wma

[2012/06/19 20:19:50 | 099,071,039 | ---- | C] () -- C:\Users\Logan\Desktop\03995.wmv

[2012/06/19 14:44:57 | 000,203,915 | ---- | C] () -- C:\Users\Logan\Desktop\top comment.JPG

[2012/06/13 20:51:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/06/13 20:51:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/06/13 15:25:49 | 120,543,375 | ---- | C] () -- C:\Users\Logan\Desktop\03886.wmv

[2012/06/13 15:19:43 | 097,879,009 | ---- | C] () -- C:\Users\Logan\Desktop\colatera.wmv

[2012/06/12 20:54:37 | 223,313,007 | ---- | C] () -- C:\Users\Logan\Desktop\03866.wmv

[2012/06/12 16:10:53 | 034,069,995 | ---- | C] () -- C:\Users\Logan\Desktop\03852.wmv

[2012/06/12 09:57:29 | 010,869,623 | ---- | C] () -- C:\Users\Logan\Desktop\03847.wmv

[2012/06/12 09:51:26 | 096,294,985 | ---- | C] () -- C:\Users\Logan\Desktop\03846.wmv

[2012/06/12 09:46:15 | 036,694,037 | ---- | C] () -- C:\Users\Logan\Desktop\03831.wmv

[2012/06/12 09:33:39 | 054,326,313 | ---- | C] () -- C:\Users\Logan\Desktop\03790.wmv

[2012/06/09 20:34:13 | 000,277,292 | ---- | C] () -- C:\Users\Logan\Desktop\background.jpg

[2012/06/09 14:27:16 | 008,698,702 | ---- | C] () -- C:\Users\Logan\Desktop\03 Set Me Free (Original Mix) Feat. Susana Villarreal.mp3

[2012/06/09 14:13:48 | 008,531,517 | ---- | C] () -- C:\Users\Logan\Desktop\01 Take It (Original Mix).mp3

[2012/06/09 14:13:24 | 007,937,979 | ---- | C] () -- C:\Users\Logan\Desktop\02 How We Live (Original Mix) Feat. Raiser Torres.mp3

[2012/06/09 13:20:22 | 000,015,078 | ---- | C] () -- C:\Users\Logan\Desktop\Tank Parts.wlmp

[2012/06/08 20:15:09 | 003,662,190 | ---- | C] () -- C:\Users\Logan\Desktop\Shinedown - Devour (Official Music Video).mp3

[2012/06/01 13:10:55 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\WinRAR.lnk

[2012/05/15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2012/03/22 15:37:31 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2012/02/11 16:53:50 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/02/11 16:53:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/01/11 15:07:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\@

[2012/01/11 15:07:28 | 000,002,048 | -HS- | C] () -- C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff}\@

[2011/03/03 21:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

[2011/02/11 10:15:43 | 000,773,448 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2012/04/07 18:48:28 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Audacity

[2011/12/23 12:08:18 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Blio

[2012/06/25 15:13:50 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\gtk-2.0

[2011/11/04 17:42:29 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\LolClient

[2011/12/17 19:36:50 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Origin

[2012/05/20 12:36:40 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Publish Providers

[2012/06/21 16:27:50 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\SoftGrid Client

[2012/05/20 19:31:00 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\Sony

[2012/02/11 17:01:12 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\SystemRequirementsLab

[2011/10/29 13:06:48 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\TP

[2012/05/15 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\TS3Client

[2011/10/28 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\wargaming.net

[2011/11/05 14:18:43 | 000,000,000 | ---D | M] -- C:\Users\Logan\AppData\Roaming\WinBatch

[2012/06/28 21:50:03 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2403722706-734991845-1093604984-1000Core.job

[2012/06/29 13:17:32 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2403722706-734991845-1093604984-1000UA.job

[2012/05/28 10:40:51 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 6/29/2012 3:17:09 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Logan\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.98 Gb Total Physical Memory | 8.17 Gb Available Physical Memory | 81.89% Memory free

19.96 Gb Paging File | 17.45 Gb Available in Paging File | 87.42% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 1385.55 Gb Total Space | 1258.86 Gb Free Space | 90.86% Space Free | Partition Type: NTFS

Drive D: | 11.62 Gb Total Space | 1.42 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: LOGAN-HP | User Name: Logan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2403722706-734991845-1093604984-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series" = Canon MX880 series MP Drivers

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{43EBA222-8DF7-11E1-862B-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)

"{49F6DFDE-8DF7-11E1-9E5F-F04DA23A5C58}" = MSVCRT Redists

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6CFB1B20-ECAE-488F-9FFB-6AD420882E71}" = iTunes

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.42

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.42

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup

"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 33

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{465210C4-595A-BD80-44E8-E0457D9D8432}" = Zinio Reader 4

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{548F12A2-BD2E-4B5A-9B62-BBC0AA8EB3DD}" = Everio MediaBrowser 3

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0

"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981405}" = SaveVid Plug-in

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager

"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP Keyboard

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{BB760C1D-98F4-4E38-8CC4-3B67329AA981}" = HP MediaSmart/TouchSmart Netflix

"{C1AD9241-3ADD-483F-914D-071F3E50855A}" = HP LinkUp

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update

"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Audacity_is1" = Audacity 2.0

"Battlelog Web Plugins" = Battlelog Web Plugins

"Canon MX880 series User Registration" = Canon MX880 series User Registration

"Canon_IJ_Network_Scanner_Selector_EX" = Canon IJ Network Scanner Selector EX

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program

"ESN Sonar-0.70.4" = ESN Sonar

"Fraps" = Fraps (remove only)

"Google Chrome" = Google Chrome

"HP Remote Solution" = HP Remote Solution

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10

"Kobo" = Kobo

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NIS" = Norton Internet Security

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Origin" = Origin

"PDF Complete" = PDF Complete Special Edition

"PunkBusterSvc" = PunkBuster Services

"RealPlayer 15.0" = RealPlayer

"SaveVid Plug-in" = SaveVid Plug-in

"Steam App 240" = Counter-Strike: Source

"SystemRequirementsLab" = System Requirements Lab

"WildTangent hp Master Uninstall" = HP Games

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

"WT087328" = Blackhawk Striker 2

"WT087330" = Bounce Symphony

"WT087335" = Build-a-lot 2

"WT087343" = Dora's World Adventure

"WT087393" = Mah Jong Medley

"WT087394" = Penguins!

"WT087395" = Poker Superstars III

"WT087396" = Polar Bowler

"WT087397" = Polar Golfer

"WT087415" = Wheel of Fortune 2

"WT087536" = Diner Dash 2 Restaurant Rescue

"WT089307" = Virtual Villagers 4 - The Tree of Life

"WT089308" = Blasterball 3

"WT089328" = Farm Frenzy

"WT089359" = Cake Mania

"WT089362" = Agatha Christie - Peril at End House

"WT089453" = Bejeweled 2 Deluxe

"WT089454" = Chuzzle Deluxe

"WT089455" = Zuma Deluxe

"WT089457" = Slingo Supreme

"WT089458" = Plants vs. Zombies - Game of the Year

"WT089470" = FATE - The Traitor Soul

"WT089484" = Namco All-Stars PAC-MAN

"WT089496" = Mystery P.I. - Stolen in San Francisco

"WT089498" = Bejeweled 3

"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2403722706-734991845-1093604984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"090215de958f1060" = Curse Client

"HuluDesktop" = Hulu Desktop

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2403722706-734991845-1093604984-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HuluDesktop" = Hulu Desktop

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/19/2012 8:21:55 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 4992

Error - 6/19/2012 8:21:56 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/19/2012 8:21:56 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 5990

Error - 6/19/2012 8:21:56 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 5990

Error - 6/19/2012 8:21:57 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/19/2012 8:21:57 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 6989

Error - 6/19/2012 8:21:57 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 6989

Error - 6/19/2012 8:21:58 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/19/2012 8:21:58 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8003

Error - 6/19/2012 8:21:58 PM | Computer Name = Logan-HP | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 8003

[ Hewlett-Packard Events ]

Error - 3/18/2012 10:50:18 PM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 4000

Description =

Error - 4/28/2012 12:10:33 PM | Computer Name = Logan-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String

category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:

Object '/5dedf3a7_05f1_4b6a_9bce_8bb594ac0597/jgpjmktnslqirbbuqdihmfbi_5.rem' has

been disconnected or does not exist at the server. Name: hpsa_service.exe Version:

06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

en-US RAM: 10220 Ram Utilization: TargetSite: Void UpdateDetail(System.String)

Error - 5/12/2012 11:20:15 AM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/12/2012 11:20:15 AM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 11:47:05 PM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/19/2012 11:47:05 PM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 1:23:26 AM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/27/2012 1:23:26 AM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/2/2012 11:55:35 AM | Computer Name = Logan-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object

of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow

dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:

HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support

Framework\HPSF.exe Format: en-US RAM: 10220 Ram Utilization: 20 TargetSite: Void SaveSessionInfo(System.Data.DataRow,

Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

[ System Events ]

Error - 2/20/2012 7:21:46 PM | Computer Name = Logan-HP | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk5\DR5.

< End of report >


Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    IE - HKU\S-1-5-21-2403722706-734991845-1093604984-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
    [2012/05/30 16:47:05 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    CHR - Extension: uTorrentBar = C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\
    [2012/06/29 08:54:40 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\00000008.@
    [2012/06/28 18:40:16 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000064.@
    [2012/06/28 18:40:16 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\L\00000004.@
    [2012/06/28 18:40:15 | 000,088,576 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000032.@
    [2012/06/28 18:40:15 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000000.@
    [2012/06/28 18:40:14 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\00000004.@
    [2012/06/28 18:40:14 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\000000cb.@
    [2012/01/11 15:07:28 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\@
    [2012/01/11 15:07:28 | 000,002,048 | -HS- | C] () -- C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff}\@

    :files
    C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}
    C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log


All processes killed

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry value HKEY_USERS\S-1-5-21-2403722706-734991845-1093604984-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\ not found.

Registry key HKEY_USERS\S-1-5-21-2403722706-734991845-1093604984-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.

Registry key HKEY_USERS\S-1-5-21-2403722706-734991845-1093604984-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.

C:\Users\Logan\AppData\Roaming\Mozilla\Firefox\Profiles\ufiut2je.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Options folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\rssItem folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\popup folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\icons\useful_components folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\icons\urlGadget folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\icons folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\base64\searchBox folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\base64\rssItem folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\base64\ifarme folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\base64\icons folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\base64\dyamincMenu folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media\base64 folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Media folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\services\translation folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\services\alerts folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\services folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\popup\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\popup folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\model folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\lib folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\xmlMenu\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\xmlMenu folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\urlGadget\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\urlGadget folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\multiRssItem\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\multiRssItem folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\menuPanel\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\menuPanel folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\dynamicMenu\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\dynamicMenu folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\contextMenu\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\contextMenu folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\container folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\components\view\InjectScript folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\components\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\components folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items\about folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\items folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\css folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\controller folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\API\component\view folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\API\component folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js\API folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\js folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0\Css folder moved successfully.

C:\Users\Logan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.7.1_0 folder moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\00000008.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000064.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\L\00000004.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000032.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\80000000.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\00000004.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\@ moved successfully.

C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff}\@ moved successfully.

========== FILES ==========

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U folder moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff} scheduled to be moved on reboot.

C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U folder moved successfully.

C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff}\L folder moved successfully.

C:\Users\Logan\AppData\Local\{aa6ab355-161e-4a47-3689-a3dd686840ff} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Logan\Downloads\cmd.bat deleted successfully.

C:\Users\Logan\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Logan

->Temp folder emptied: 4649149830 bytes

->Temporary Internet Files folder emptied: 521890638 bytes

->Java cache emptied: 231857 bytes

->FireFox cache emptied: 1138473217 bytes

->Google Chrome cache emptied: 339658801 bytes

->Flash cache emptied: 90543 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 107552 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 272784634 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,602.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06292012_152629

Files\Folders moved on Reboot...

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff}\U folder moved successfully.

C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff} folder moved successfully.

C:\Users\Logan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\300x250iframeusav2[1].html moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\AdDisplayTrackerServlet[6].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\Artemis[3].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\ddcCARPBI08.htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\L21rdC8xL21jaHBpZC8z[1].gif moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\pixelCA7DEMUK.htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\Pug[6].gif moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\x914r4450428[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\addons-tracker-v4[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\ae_12232010[1].html moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\build_creative[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\emily[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9KWLVKW\dppix[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9KWLVKW\pixelCAYQOJVF.htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQGFLUGH\AdDisplayTrackerServlet[5].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA1P0SAO\data_sync[7].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA1P0SAO\freq[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA1P0SAO\syncuppixels[1].htm moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP9ZPIPF\ro_x914[1].html moved successfully.

C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YVKZS7C\addons-v4[2].htm moved successfully.

C:\Windows\temp\flaAF7A.tmp moved successfully.

File\Folder C:\Windows\temp\flaC58E.tmp not found!

File\Folder C:\Windows\temp\flaF37D.tmp not found!

PendingFileRenameOperations files...

File C:\Windows\Installer\{aa6ab355-161e-4a47-3689-a3dd686840ff} not found!

File C:\Users\Logan\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\300x250iframeusav2[1].html not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\AdDisplayTrackerServlet[6].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\Artemis[3].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\ddcCARPBI08.htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\L21rdC8xL21jaHBpZC8z[1].gif not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\pixelCA7DEMUK.htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\Pug[6].gif not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YCE5RN0R\x914r4450428[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\addons-tracker-v4[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\ae_12232010[1].html not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\build_creative[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLBD5TH0\emily[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9KWLVKW\dppix[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9KWLVKW\pixelCAYQOJVF.htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MQGFLUGH\AdDisplayTrackerServlet[5].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA1P0SAO\data_sync[7].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA1P0SAO\freq[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA1P0SAO\syncuppixels[1].htm not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DP9ZPIPF\ro_x914[1].html not found!

File C:\Users\Logan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4YVKZS7C\addons-v4[2].htm not found!

File C:\Windows\temp\flaAF7A.tmp not found!

File C:\Windows\temp\flaC58E.tmp not found!

File C:\Windows\temp\flaF37D.tmp not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.29.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Logan :: LOGAN-HP [administrator]

6/29/2012 3:33:27 PM

mbam-log-2012-06-29 (15-33-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 224711

Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
