
SVC: Vongo threat detected on Avast...Vundo trojan detected on malwarebytes



So I ran a Malwarebytes quick scan and a Vundo trojan was detected. It claimed to successfully remove it. Then I ran a full scan on Avast and an SVC:Vongo threat was detected. This was also removed. However, just in case, I restored my laptop to factory settings. After downloading Avast once I put it to factory settings, it started to act up. Multiple browsers opened up and I saw the CMD open and close really fast in the back. I'm not sure if it was Norton and Avast conflicting with each other or the virus (I uninstalled Norton).

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2/17/2008 10:04:01 AM

System Uptime: 1/3/2013 12:50:16 PM (0 hours ago)

.

Motherboard: Quanta | | 30EA

Processor: AMD Turion 64 X2 Mobile Technology TL-58 | Socket S1 | 1900/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 137 GiB total, 101.624 GiB free.

D: is FIXED (NTFS) - 12 GiB total, 1.859 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player ActiveX

Adobe Reader 8.1.0

Adobe Shockwave Player

AIM 6

Atheros Driver Installation Program

avast! Free Antivirus

Cards_Calendar_OrderGift_DoMorePlugout

Compatibility Pack for the 2007 Office system

Conexant HD Audio

DVD Suite

EA Link

ESU for Microsoft Vista

Google Chrome

Google Update Helper

HDAUDIO Soft Data Fax Modem with SmartCP

Hewlett-Packard Active Check

Hewlett-Packard Asset Agent for Health Check

HP Active Support Library

HP Customer Experience Enhancements

HP Doc Viewer

HP DVD Play 3.6

HP Easy Setup - Frontend

HP Help and Support

HP Photosmart Essential 2.5

HP Quick Launch Buttons 6.30 D2

HP Smart Web Printing

HP Total Care Advisor

HP Update

HP User Guides 0091

HP Wireless Assistant

HPNetworkAssistant

HPPhotoSmartDiscLabel_PaperLabel

HPPhotoSmartDiscLabel_PrintOnDisc

HPPhotoSmartDiscLabel_Tattoo

HPPhotoSmartDiscLabelContent1

hpphotosmartdisclabelplugin

HPPhotoSmartPhotobookHolidayPack1

HPPhotoSmartPhotobookModernPack1

HPPhotoSmartPhotobookPlayfulPack1

HPPhotoSmartPhotobookScrapbookPack1

HPPhotoSmartPhotobookWebPack1

Java 7 Update 10

Java Auto Updater

Java 6 Update 2

LabelPrint

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

MSCU for Microsoft Vista

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 6.1

My HP Games

NetWaiting

NVIDIA Drivers

Power2Go

PowerDirector

PSSWCORE

QuickPlay SlingPlayer 0.4.4

RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

Synaptics Pointing Device Driver

The Sims™ Life Stories

Update for Office 2007 (KB934528)

VideoToolkit01

Viewpoint Media Player

Vongo

WeatherBug Gadget

Yahoo! Toolbar

.

==== End Of File ===========================



Hello madmac7 and welcome to MalwareBytes forums.

Download OTL by OldTimer & SAVE to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar.
    Right click the OTL icon and select Run as Administrator to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 - 5 minutes.
    Do have infinite patience in case it runs a few minutes more.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then copy/paste the following into your post (in order):
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Add-reply because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar

OTL logfile created on: 1/3/2013 2:45:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\joey\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.66% Memory free

4.09 Gb Paging File | 3.03 Gb Available in Paging File | 74.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.35 Gb Total Space | 98.93 Gb Free Space | 72.03% Space Free | Partition Type: NTFS

Drive D: | 11.70 Gb Total Space | 1.86 Gb Free Space | 15.89% Space Free | Partition Type: NTFS

Computer Name: JOEY-PC | User Name: joey | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/03 14:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\joey\Desktop\OTL.exe

PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2007/10/24 23:36:50 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/09/15 00:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe

PRC - [2006/11/02 01:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2007/10/25 01:16:19 | 000,815,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fbca0140921ed343cb511595869a0ed\System.Runtime.Remoting.ni.dll

MOD - [2007/10/25 01:14:54 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7108eaf5b5973bf7cdbdb47875e616e4\PresentationFramework.Aero.ni.dll

MOD - [2007/10/25 01:14:52 | 014,594,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a9141ad6851ff94ece503a1898c4ca3a\PresentationFramework.ni.dll

MOD - [2007/10/25 01:13:46 | 012,025,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\81e201b865ca4b1dc1baa769353a1d32\PresentationCore.ni.dll

MOD - [2007/10/01 15:11:02 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll

MOD - [2007/10/01 15:11:00 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll

MOD - [2007/10/01 15:10:50 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2007/10/01 15:10:28 | 000,036,864 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll

MOD - [2007/10/01 15:10:20 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll

MOD - [2007/10/01 15:10:20 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll

MOD - [2007/10/01 15:10:20 | 000,006,144 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll

MOD - [2006/11/02 04:57:46 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\59192aecec284fba3e9b4b6ec41a755d\System.EnterpriseServices.ni.dll

MOD - [2006/11/02 04:57:45 | 000,684,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b9588344b72703e9c361bd47d87cccf9\System.Transactions.ni.dll

MOD - [2006/11/02 04:57:45 | 000,294,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\59192aecec284fba3e9b4b6ec41a755d\System.EnterpriseServices.Wrapper.dll

MOD - [2006/11/02 04:57:44 | 006,656,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7812c95c325062211532c560b59da6b3\System.Data.ni.dll

MOD - [2006/11/02 04:57:34 | 013,148,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\35a9f19f21aac42b979be321f1bb5fd4\System.Windows.Forms.ni.dll

MOD - [2006/11/02 04:56:59 | 001,617,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\70c145ed25af403aa899ffcb633350b1\System.Drawing.ni.dll

MOD - [2006/11/02 04:56:48 | 005,619,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f76a7622c73e26e4d2daf54068d7ff79\System.Xml.ni.dll

MOD - [2006/11/02 04:56:39 | 001,003,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d7b63c1d2ab17ac3cc24881c4ff78b63\System.Configuration.ni.dll

MOD - [2006/11/02 04:55:38 | 003,272,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3b53dcf335a24dff03c7354dfebcb049\WindowsBase.ni.dll

MOD - [2006/11/02 04:55:23 | 008,151,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\fcc712bc5da45a672e7f1ad176dbd5a5\System.ni.dll

MOD - [2006/11/02 04:55:10 | 011,628,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7fe79782947b85d961fd55cb5e02a129\mscorlib.ni.dll

MOD - [2006/11/02 01:46:09 | 000,364,544 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll

MOD - [2006/11/01 22:34:22 | 000,114,176 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll

MOD - [2006/10/19 17:14:53 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2006/10/19 17:14:47 | 002,894,336 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Services (SafeList) ==========

SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2007/10/24 23:36:50 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/08/31 10:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files\Vongo\VongoService.exe -- (Vongo Service)

SRV - [2007/03/05 10:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\joey\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/10/30 15:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/10/30 15:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/10/30 15:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2007/09/28 00:06:00 | 007,628,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/09/08 23:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)

DRV - [2007/07/09 15:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

DRV - [2007/05/30 15:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)

DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/03/06 05:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/02/16 00:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

IE - HKLM\..\SearchScopes,DefaultScope = {DB9DBEB0-BC08-4306-AE91-AE7CDFC606EA}

IE - HKLM\..\SearchScopes\{0864C034-A3A2-4A60-B61D-554FC878F44B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKLM\..\SearchScopes\{DB9DBEB0-BC08-4306-AE91-AE7CDFC606EA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {DB9DBEB0-BC08-4306-AE91-AE7CDFC606EA}

IE - HKCU\..\SearchScopes\{0864C034-A3A2-4A60-B61D-554FC878F44B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\..\SearchScopes\{DB9DBEB0-BC08-4306-AE91-AE7CDFC606EA}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

========== Chrome ==========

CHR - homepage: http://www.google.com

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.google.com

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.89\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U10 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

CHR - plugin: Java Deployment Toolkit 7.0.100.18 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - Extension: Google Drive = C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

CHR - Extension: Gmail = C:\Users\joey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 10.10.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF19A56B-21F5-4055-9CB0-92BF5198FA90}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\CompaqTrace.jpg

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\CompaqTrace.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/10/25 00:41:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2005/09/11 07:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/03 14:41:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\joey\Desktop\OTL.exe

[2013/01/03 13:24:29 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Malwarebytes

[2013/01/03 13:24:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/01/03 13:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/01/03 13:24:03 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/01/03 13:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/01/03 13:20:29 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2013/01/03 12:55:13 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\joey\Desktop\dds.com

[2013/01/03 12:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0

[2013/01/03 12:27:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/01/02 22:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2013/01/02 22:15:34 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\Google

[2013/01/02 22:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2013/01/02 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/01/02 22:15:29 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2013/01/02 22:15:28 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2013/01/02 22:15:25 | 000,035,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2013/01/02 22:15:24 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2013/01/02 22:15:22 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2013/01/02 22:15:19 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2013/01/02 22:13:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/01/02 22:13:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2013/01/02 22:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2013/01/02 22:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/01/02 22:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2013/01/02 22:04:56 | 000,779,704 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/01/02 22:04:53 | 000,859,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/01/02 22:04:53 | 000,260,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/01/02 22:04:34 | 000,174,000 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/01/02 22:04:34 | 000,173,992 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/01/02 22:04:34 | 000,093,640 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/01/02 22:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2013/01/02 21:38:03 | 000,000,000 | ---D | C] -- C:\Users\joey\Desktop\Backup

[2013/01/02 21:18:05 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\Hewlett-Packard

[2013/01/02 21:17:49 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\QuickPlay

[2013/01/02 21:17:48 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Symantec

[2013/01/02 21:17:08 | 000,000,000 | R--D | C] -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2013/01/02 21:17:08 | 000,000,000 | R--D | C] -- C:\Users\joey\Searches

[2013/01/02 21:17:08 | 000,000,000 | R--D | C] -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2013/01/02 21:16:58 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Identities

[2013/01/02 21:16:56 | 000,000,000 | R--D | C] -- C:\Users\joey\Contacts

[2013/01/02 21:16:46 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\VirtualStore

[2013/01/02 21:13:36 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Macromedia

[2013/01/02 21:13:18 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Hewlett-Packard

[2013/01/02 21:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!

[2013/01/02 21:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2013/01/02 21:10:38 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\Downloaded Installations

[2013/01/02 21:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts

[2013/01/02 21:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts

[2013/01/02 21:06:14 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll

[2013/01/02 21:06:14 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll

[2013/01/02 21:06:13 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll

[2013/01/02 21:06:13 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll

[2013/01/02 21:06:12 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll

[2013/01/02 21:06:02 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll

[2013/01/02 21:06:01 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll

[2013/01/02 21:06:01 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll

[2013/01/02 21:06:00 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll

[2013/01/02 21:06:00 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll

[2013/01/02 21:05:59 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll

[2013/01/02 21:05:56 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll

[2013/01/02 21:05:55 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll

[2013/01/02 21:05:53 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll

[2013/01/02 21:03:45 | 000,000,000 | R--D | C] -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2013/01/02 21:03:45 | 000,000,000 | R--D | C] -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\AppData\Local\Temporary Internet Files

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Templates

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Start Menu

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\SendTo

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Recent

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\PrintHood

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\NetHood

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Documents\My Videos

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Documents\My Pictures

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Documents\My Music

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\My Documents

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Local Settings

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\AppData\Local\History

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Cookies

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\Application Data

[2013/01/02 21:03:45 | 000,000,000 | -HSD | C] -- C:\Users\joey\AppData\Local\Application Data

[2013/01/02 21:03:45 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\Temp

[2013/01/02 21:03:45 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Local\Microsoft

[2013/01/02 21:03:45 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Media Center Programs

[2013/01/02 21:03:45 | 000,000,000 | ---D | C] -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite

[2013/01/02 21:03:44 | 000,000,000 | --SD | C] -- C:\Users\joey\AppData\Roaming\Microsoft

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Videos

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Saved Games

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Pictures

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Music

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Links

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Favorites

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Downloads

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Documents

[2013/01/02 21:03:44 | 000,000,000 | R--D | C] -- C:\Users\joey\Desktop

[2013/01/02 21:03:44 | 000,000,000 | -H-D | C] -- C:\Users\joey\AppData

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop

[2013/01/02 20:59:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

[2013/01/02 20:59:28 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/01/03 14:42:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\joey\Desktop\OTL.exe

[2013/01/03 13:56:26 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/03 13:56:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/03 13:50:59 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/03 13:50:59 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/03 13:24:08 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/03 12:57:33 | 000,618,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/01/03 12:57:33 | 000,104,024 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/01/03 12:55:19 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\joey\Desktop\dds.com

[2013/01/03 12:52:02 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini

[2013/01/03 12:50:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/03 12:50:32 | 2079,248,384 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/03 12:20:46 | 000,001,800 | ---- | M] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2013/01/02 22:34:07 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/02 22:34:07 | 000,001,955 | ---- | M] () -- C:\Users\joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/02 22:18:09 | 000,003,584 | ---- | M] () -- C:\Users\joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/01/02 22:15:30 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/01/02 22:15:19 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2013/01/02 22:03:48 | 000,093,640 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/01/02 22:03:32 | 000,260,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/01/02 22:03:32 | 000,174,000 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/01/02 22:03:31 | 000,173,992 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/01/02 22:03:30 | 000,859,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll

[2013/01/02 22:03:30 | 000,779,704 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/01/02 21:50:23 | 000,000,943 | ---- | M] () -- C:\Users\joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/02 21:16:45 | 000,000,081 | ---- | M] () -- C:\Windows\System32\LOG

[2013/01/02 21:16:42 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat

[2013/01/02 21:13:08 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk

[2013/01/02 21:04:12 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario F700 Notebook PC_Y5335KV_0U_QCNF8064LR0_E458057-001_4A_I30EA_SQuanta_V86.09_F.05_T071207_WV3-0_L409_M1983_J160_7AMD_8F82_91.90_#071025_N10DE054C;168C001C_(KC490UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK

[2013/01/02 20:58:05 | 000,311,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/03 13:24:08 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/01/03 12:23:37 | 2079,248,384 | -HS- | C] () -- C:\hiberfil.sys

[2013/01/03 12:20:46 | 000,001,800 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate

[2013/01/02 22:34:07 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/01/02 22:34:07 | 000,001,955 | ---- | C] () -- C:\Users\joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/01/02 22:18:08 | 000,003,584 | ---- | C] () -- C:\Users\joey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/01/02 22:16:00 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/02 22:15:57 | 000,000,878 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/02 22:15:30 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2013/01/02 21:50:23 | 000,000,943 | ---- | C] () -- C:\Users\joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2013/01/02 21:17:10 | 000,000,949 | ---- | C] () -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2013/01/02 21:17:08 | 000,000,944 | ---- | C] () -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2013/01/02 21:16:56 | 000,000,915 | ---- | C] () -- C:\Users\joey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

[2013/01/02 21:16:45 | 000,000,081 | ---- | C] () -- C:\Windows\System32\LOG

[2013/01/02 21:16:42 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat

[2013/01/02 21:13:09 | 000,002,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

[2013/01/02 21:13:09 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\MSN.lnk

[2013/01/02 21:13:09 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk

[2013/01/02 21:13:09 | 000,001,865 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk

[2013/01/02 21:13:08 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Internet & Digital Services.lnk

[2013/01/02 21:04:12 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario F700 Notebook PC_Y5335KV_0U_QCNF8064LR0_E458057-001_4A_I30EA_SQuanta_V86.09_F.05_T071207_WV3-0_L409_M1983_J160_7AMD_8F82_91.90_#071025_N10DE054C;168C001C_(KC490UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK

[2013/01/02 21:03:45 | 000,000,258 | ---- | C] () -- C:\Users\joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2013/01/02 21:03:45 | 000,000,240 | ---- | C] () -- C:\Users\joey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2007/10/24 23:56:41 | 011,315,200 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2006/11/02 01:46:04 | 000,614,400 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 01:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/3/2013 2:45:37 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\joey\Desktop

Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6000.16512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 51.66% Memory free

4.09 Gb Paging File | 3.03 Gb Available in Paging File | 74.04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 137.35 Gb Total Space | 98.93 Gb Free Space | 72.03% Space Free | Partition Type: NTFS

Drive D: | 11.70 Gb Total Space | 1.86 Gb Free Space | 15.89% Space Free | Partition Type: NTFS

Computer Name: JOEY-PC | User Name: joey | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"" =

"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1AE562DA-7309-453A-9981-14754F331E8B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{215A0E8B-F3B1-4142-9EDC-67844C866781}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{3AB9E897-EFD5-46F8-A8FD-92524044A185}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{4630CE96-7C84-4111-9852-86D38C21972F}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{5D822295-A632-4383-8E27-59B0DDEE4CB9}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |

"{6DA52B40-B3EB-44DC-A7FD-F76685D124B8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{71D34C68-56BB-40D3-89EE-C4D9B9E729FB}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |

"{AB196BDF-4D50-4B68-BD55-10E9173EF3AB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{BAF2F0A3-BD92-4F8F-BE0A-268C5AF5A2E8}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{CA6C467C-F80C-4393-A684-1A757088196E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{CCB39148-7984-4B64-B9C3-C4136001128B}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{D012D9F6-2140-435A-84C2-5468FCAFA85A}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

"{FB8AC562-E60F-4011-B998-AC91AD9AB9A9}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1

"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer

"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library

"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite

"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget

"{2284D904-C138-4B58-93EC-5C362AB5130A}" = The Sims™ Life Stories

"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant

"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1

"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program

"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 D2

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check

"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1

"{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend

"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1

"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin

"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor

"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant

"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E6D3A461-8DDE-45C9-8C34-A33436FCC0B4}" = HP User Guides 0091

"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link

"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo

"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"AIM_6" = AIM 6

"avast" = avast! Free Antivirus

"CNXT_AUDIO_HDA" = Conexant HD Audio

"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP

"Google Chrome" = Google Chrome

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"NVIDIA Drivers" = NVIDIA Drivers

"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"ViewpointMediaPlayer" = Viewpoint Media Player

"WildTangent hp Master Uninstall" = My HP Games

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/3/2013 1:16:24 AM | Computer Name = joey-PC | Source = RasClient | ID = 20227

Description =

Error - 1/3/2013 2:35:03 AM | Computer Name = joey-PC | Source = Application Hang | ID = 1002

Description = The program avast.setup version 7.0.1474.765 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1240 Start Time: 01cde9791e1b6980 Termination Time: 0

Error - 1/3/2013 4:14:15 PM | Computer Name = joey-PC | Source = WerSvc | ID = 5007

Description =

Error - 1/3/2013 4:18:59 PM | Computer Name = joey-PC | Source = EventSystem | ID = 4609

Description =

Error - 1/3/2013 4:25:03 PM | Computer Name = joey-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.0.6000.16386 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 4f0 Start Time: 01cde9f049cc007b Termination Time: 62

Error - 1/3/2013 4:28:44 PM | Computer Name = joey-PC | Source = WerSvc | ID = 5007

Description =

Error - 1/3/2013 4:57:33 PM | Computer Name = joey-PC | Source = WerSvc | ID = 5007

Description =

[ System Events ]

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

Error - 1/3/2013 6:29:29 PM | Computer Name = joey-PC | Source = Microsoft-Windows-Servicing | ID = 4375

Description =

< End of report >


Results of screen317's Security Check version 0.99.56

Windows Vista x86 (UAC is enabled)

Out of date service pack!!

Internet Explorer 7 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 7 Update 10

Java 6 Update 2

Java version out of Date!

Adobe Reader 8 Adobe Reader out of Date!

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSASCui.exe

Windows Defender MSASCui.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Administrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing Malwarebytes in text box, then select/click Malwarebytes Anti-Malware Chameleon
  3. Once the Help file opens, click on a Chameleon button (starting with #1)
  4. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  5. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.6 at the top
  6. Press any key to continue as it says in the window {space-bar will do}
  7. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  8. Have infinite patience during this process
  9. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  10. Once the update completes and it says your database is updated, click on OK button so that process can continue
  11. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  12. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  13. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  14. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  15. If prompted to restart your computer to complete the removal process, click Yes
  16. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  17. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.01.04.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

joey :: JOEY-PC [administrator]

1/4/2013 1:10:00 PM

mbam-log-2013-01-04 (13-10-00).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 194974

Time elapsed: 5 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


That is a good, hopeful result from MBAM. Let's follow-up with this next

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member madmac7 only. If you are a casual viewer, do NOT try this on your system!

If you are not madmac7 and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now?

Re-enable your antivirus program.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
