Security Shield 2012 removal help

coolbobd · Mar 6, 2012

Hello,
I believe I have followed the rules correctly. I am trying to get Security Shield 2012 off of a friends computer and am looking for some help. After computer turn on and Windows logo of loading on Vista it goes straight to a black screen. Sometimes it will load the Documents folder, other times I have to task manager->run to get a window to show up. That is all that shows, if I run explorer.exe it loads the desktop and then security shield loads up and says "NO" to everything. Here is the DDS.txt info and attached is the attach.txt file. If anything else is immediately needed, please let me know. Thank you

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Hudson at 23:14:59 on 2012-03-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1242 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\crrss.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\Explorer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar =
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\crrss.exe
uWinlogon: shell=explorer.exe "c:\users\hudson\winlogon.exe"
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.5\PEhelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AV Security Essentials] "c:\programdata\3df607\AV3df_8039.exe" /s /d
uRun: [i2pmd53j7b] c:\users\hudson\i2pmd53j7b.exe
uRun: [Antivirus Protection 2012 SH] c:\users\hudson\appdata\roaming\antivirus protection 2012\securityhelper.exe
uRun: [Regedit32] c:\windows\system32\regedit.exe
uRun: [winlogon] c:\users\hudson\winlogon.exe
uRun: [windows update server] c:\users\hudson\ae8ae019-3122.exe
uRun: [g1p29swrc8fr] c:\users\hudson\appdata\roaming\antivirus protection 2012\securityhelper.exe
uRun: [Antivirus Protection 2012] "c:\users\hudson\appdata\roaming\antivirus protection 2012\AntivirusProtection2012.exe" /STARTUP
uRun: [Antivirus Protection 2012 SM] c:\users\hudson\appdata\roaming\antivirus protection 2012\securitymanager.exe
uRunOnce: [bfbmk] c:\users\hudson\appdata\local\bfbmk.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HostManager] c:\program files\common files\aol\1200349749\ee\AOLSoftware.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [BSDAppUpdater] c:\program files\common files\bsd\appupdater\BSDChecker.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [crrss] c:\windows\system32\crrss.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\hudson\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 10.71.0.1
TCP: Interfaces\{704FD937-485D-451D-9B6C-5E6F3A3F122B} : DhcpNameServer = 8.8.8.8 64.61.99.2 4.2.2.1
TCP: Interfaces\{709520F1-D566-40A7-8713-87FD06B60450} : DhcpNameServer = 10.71.0.1
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hudson\appdata\roaming\mozilla\firefox\profiles\0owebmva.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
.
============= SERVICES / DRIVERS ===============
.
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-22 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-31 133104]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-1-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-1-25 79360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-31 133104]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-1-25 802176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-6-22 16896]
.
=============== Created Last 30 ================
.
2012-03-06 04:40:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-06 04:40:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-06 03:17:58 -------- d-----w- C:\sh4ldr
2012-03-06 03:17:58 -------- d-----w- c:\program files\Enigma Software Group
2012-03-06 03:16:37 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-06 03:16:30 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-05 00:39:17 346624 ----a-w- c:\users\hudson\appdata\local\fmxdt.exe
2012-03-04 23:55:36 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d897fe3f-46c7-4bab-a375-4dfe61d08f6d}\offreg.dll
2012-03-02 22:00:08 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d897fe3f-46c7-4bab-a375-4dfe61d08f6d}\mpengine.dll
2012-03-02 03:35:28 346624 ----a-w- c:\users\hudson\appdata\local\bfbmk.exe
2012-03-02 03:35:00 -------- d-----w- c:\users\hudson\appdata\roaming\Antivirus Protection 2012
2012-03-02 03:34:21 -------- d-----w- c:\users\hudson\appdata\local\usrCommsdrm
2012-02-23 04:46:30 -------- dc-h--w- c:\programdata\{B56F52F5-B6EA-4C91-9F4C-FC46FAD6F1AC}
2012-02-23 04:42:29 -------- dc-h--w- c:\programdata\{D0D88A79-3F53-4F9D-9D83-21F8EECCCAA3}
2012-02-23 04:42:14 -------- d-----w- c:\programdata\Transparent
2012-02-23 04:42:14 -------- d-----w- c:\program files\Transparent
2012-02-17 20:34:55 -------- d-----w- c:\users\hudson\appdata\local\odbccfgCtrl
2012-02-17 20:34:42 20936 ----a-w- c:\users\hudson\i2pmd53j7b.exe
2012-02-15 20:34:46 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 20:34:45 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 20:34:43 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-13 03:08:41 -------- d-sh--w- c:\users\hudson\appdata\roaming\AV Security Essentials
2012-02-13 03:08:40 -------- d-sh--w- c:\programdata\AVMRXFDZDISE
2012-02-13 03:08:03 -------- d-sh--w- c:\programdata\3df607
2012-02-07 02:51:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 02:51:13 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-07 02:51:11 -------- d-----w- c:\program files\McAfee Security Scan
.
==================== Find3M ====================
.
2012-01-29 11:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:16:11.78 ===============

ken545 · Mar 6, 2012

:snwelcome:

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , you need to Right Click on the program and select RUN AS ADMINISTATOR

This is what you need to do, follow this in order.

1. Boot to Safemode with Networking

To Enter Safemode

Go to Start> Shut off your Computer> Restart
As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly,
this will bring up a menu.
Use the Up and Down Arrow Keys to scroll up to Safemode with Networking
Then press the Enter Key on your Keyboard

Tutorial if you need it How to boot into Safemode

2.

Open Internet Explorer and go to Tools > Internet Options> Connections Tab > Lan Setting and uncheck USE A PROXY SERVER. Then ok your way out and close IE

3.

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe
2. rkill.com
3. rkill.scr
4. WiNlOgOn.exe
5. uSeRiNiT.exe

Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do it's job. This may take a few tries.

You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.

4.

Please download Malwarebytes from Here or Here

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please

coolbobd · Mar 6, 2012

Ok I have followed your instructions, IE didn't have that box checked so I was good there. In Safe Mode with Networking I got RKill to run and cycle explorer. However the log that comes up didn't say anything in the files found section. I then downloaded and ran Malwarebytes and it inspected the system with the quick scan. The first time through it found 15 entries, when I clicked Remove Selected it got about 3/4 progress and then froze up. I waited 10 mins, then ended the task. I then redownloaded and reran Malwarebytes and this time it found 4 entries and it froze up at 50%. I decided to give it a third attempt and well apparently 3's the lucky number because it worked and here is the log.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.06.09

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Hudson :: HUDSON-PC [administrator]

Protection: Disabled

3/6/2012 5:03:35 PM
mbam-log-2012-03-06 (17-03-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187868
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Detected: 1
C:\Windows\System32\crrss.exe (Trojan.Zbot.USZ) -> 1572 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winlogon (Trojan.Agent) -> Data: C:\Users\Hudson\winlogon.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\Hudson\AppData\Roaming\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports (Adware.ShopperReports) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Windows\System32\crrss.exe (Trojan.Zbot.USZ) -> Delete on reboot.
C:\Users\Hudson\winlogon.exe (Trojan.Zbot.USZ) -> Quarantined and deleted successfully.

(end)

coolbobd · Mar 6, 2012

I am also getting a problem with this computer that, according to the person, started the same time this Security Shield virus hit. When loading the computer, it will go through the visuals of the loading bar and the logo, then when it goes to load in, it only loads a Window, showing just the Desktop icons in this window, it doesn't show the Start bar, or any actual shell(?).

ken545 · Mar 6, 2012

Lets do this as this computer was really infected

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

coolbobd · Mar 6, 2012

Here is the requested log.

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-06 17:56:32
-----------------------------
17:56:32.599 OS Version: Windows 6.0.6002 Service Pack 2
17:56:32.599 Number of processors: 2 586 0xF0D
17:56:32.599 ComputerName: HUDSON-PC UserName: Hudson
17:56:53.019 Initialize success
17:57:10.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
17:57:10.335 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
17:57:10.351 Disk 0 MBR read successfully
17:57:10.351 Disk 0 MBR scan
17:57:10.351 Disk 0 unknown MBR code
17:57:10.366 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 230079 MB offset 63
17:57:10.398 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 8393 MB offset 471202515
17:57:10.398 Disk 0 scanning sectors +488392065
17:57:10.476 Disk 0 scanning C:\Windows\system32\drivers
17:57:19.914 Service scanning
17:57:44.484 Modules scanning
17:57:48.633 Disk 0 trace - called modules:
17:57:48.664 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
17:57:48.664 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8582c570]
17:57:48.680 3 CLASSPNP.SYS[885a78b3] -> nt!IofCallDriver -> [0x84e18878]
17:57:48.680 5 acpi.sys[826986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84458030]
17:57:48.696 Scan finished successfully
17:58:29.661 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
17:58:29.895 The log file has been saved successfully to "F:\aswMBR.txt"

ken545 · Mar 7, 2012

How are things running now, are you experiencing any browser redirects, is that rogue program still coming up ?

coolbobd · Mar 7, 2012

I do not see that virus acting anymore, however when it goes to load Windows the only thing that loads up after the Windows animations is the Documents folder. Nothing else loads, I have to ctrl alt del then new task explorer.exe to get the desktop to load up completely. When I do that I noticed a popup from Windows Defender stating that some programs have been blocked from starting, all 3 of those files happen to be the files associated with the virus. It doesn't give me the option to remove those startup requests, it just keeps them disabled. Would my current problem with explorer.exe be related to the virus?

ken545 · Mar 7, 2012

Lets run another program

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

coolbobd · Mar 7, 2012

Here is the requested file, also when it restarted it loaded right into the desktop.

ComboFix 12-03-06.01 - Hudson 03/06/2012 18:48:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.929 [GMT -6:00]
Running from: c:\users\Hudson\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}
c:\users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}\chrome.manifest
c:\users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}\chrome\content\_cfg.js
c:\users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}\chrome\content\overlay.xul
c:\users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}\install.rdf
c:\users\Hudson\AppData\Roaming\antivirus protection 2012
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\cb.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\energy.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\fix.drv
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\FS.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
c:\users\Hudson\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\Hudson\Documents\~WRL1950.tmp
c:\users\Hudson\i2pmd53j7b.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 01:04 . 2012-03-07 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 05:13 . 2012-03-06 05:13 -------- d-----w- c:\program files\ERUNT
2012-03-06 04:40 . 2012-03-06 04:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-06 04:40 . 2012-03-06 04:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-03-06 03:17 . 2012-03-06 04:25 -------- d-----w- C:\sh4ldr
2012-03-06 03:17 . 2012-03-06 03:17 -------- d-----w- c:\program files\Enigma Software Group
2012-03-06 03:16 . 2012-03-06 04:25 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-03-06 03:16 . 2012-03-06 03:16 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-02 03:34 . 2012-03-05 00:27 -------- d-----w- c:\users\Hudson\AppData\Local\usrCommsdrm
2012-02-23 04:46 . 2012-02-23 04:46 -------- dc-h--w- c:\programdata\{B56F52F5-B6EA-4C91-9F4C-FC46FAD6F1AC}
2012-02-23 04:42 . 2012-02-23 04:42 -------- dc-h--w- c:\programdata\{D0D88A79-3F53-4F9D-9D83-21F8EECCCAA3}
2012-02-23 04:42 . 2012-02-23 04:45 -------- d-----w- c:\programdata\Transparent
2012-02-23 04:42 . 2012-02-23 04:45 -------- d-----w- c:\program files\Transparent
2012-02-17 20:34 . 2012-02-26 21:56 -------- d-----w- c:\users\Hudson\AppData\Local\odbccfgCtrl
2012-02-15 20:34 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-02-13 03:08 . 2012-02-13 03:09 -------- d-sh--w- c:\users\Hudson\AppData\Roaming\AV Security Essentials
2012-02-13 03:08 . 2012-02-13 03:08 -------- d-sh--w- c:\programdata\AVMRXFDZDISE
2012-02-13 03:08 . 2012-02-13 23:11 -------- d-sh--w- c:\programdata\3df607
2012-02-07 02:51 . 2012-02-07 02:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 02:51 . 2012-02-07 02:51 -------- d-----w- c:\programdata\McAfee
2012-02-07 02:51 . 2012-02-07 02:51 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-07 02:51 . 2012-02-11 00:35 -------- d-----w- c:\program files\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-04 23:55 . 2012-03-04 23:55 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D897FE3F-46C7-4BAB-A375-4DFE61D08F6D}\offreg.dll
2012-02-15 09:03 . 2012-02-15 09:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-15 09:03 . 2012-02-15 09:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-15 09:03 . 2012-02-15 09:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-15 09:03 . 2012-02-15 09:03 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-15 09:03 . 2012-02-15 09:03 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-15 09:03 . 2012-02-15 09:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-15 09:03 . 2012-02-15 09:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-15 09:03 . 2012-02-15 09:03 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-15 09:03 . 2012-02-15 09:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-15 09:03 . 2012-02-15 09:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-15 09:03 . 2012-02-15 09:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-15 09:03 . 2012-02-15 09:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-15 09:03 . 2012-02-15 09:03 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-15 09:03 . 2012-02-15 09:03 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-08 06:03 . 2012-03-02 22:00 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D897FE3F-46C7-4BAB-A375-4DFE61D08F6D}\mpengine.dll
2012-01-29 11:10 . 2009-10-04 21:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 19:52 . 2012-02-15 20:34 2044416 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 16:17 . 2012-02-15 20:34 680448 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-10 21:24 . 2009-10-30 04:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2003-03-19 05:20 . 2010-11-09 02:47 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 12:42 . 2010-11-09 02:47 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
2012-02-18 17:42 . 2011-04-03 20:11 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-04-24 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 50696]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HostManager"="c:\program files\Common Files\AOL\1200349749\ee\AOLSoftware.exe" [2006-09-26 50736]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-18 185896]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-12 47392]
"Creative SB Monitoring Utility"="sbavmon.dll" [2008-12-02 94720]
"BSDAppUpdater"="c:\program files\Common Files\BSD\AppUpdater\BSDChecker.exe" [2010-11-24 1660232]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 05:14]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 05:14]
.
2011-05-20 c:\windows\Tasks\User_Feed_Synchronization-{D7535A90-343A-4190-A4F4-95F087476F17}.job
- c:\windows\system32\msfeedssync.exe [2012-02-15 09:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: netzero.com
Trusted Zone: netzero.net
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 10.71.0.1
FF - ProfilePath - c:\users\Hudson\AppData\Roaming\Mozilla\Firefox\Profiles\0owebmva.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AV Security Essentials - c:\programdata\3df607\AV3df_8039.exe
HKCU-Run-i2pmd53j7b - c:\users\Hudson\i2pmd53j7b.exe
HKCU-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-crrss - c:\windows\system32\crrss.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1840)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
.
**************************************************************************
.
Completion time: 2012-03-06 19:18:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 01:16
.
Pre-Run: 86,853,390,336 bytes free
Post-Run: 86,831,480,832 bytes free
.
- - End Of File - - AFF4D6F512D58008C533EC76B0083B9F

ken545 · Mar 7, 2012

Great

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the

button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
1. Click on
  
  to download the ESET Smart Installer. Save it to your desktop.
2. Double click on the
  
  icon on your desktop.
Check
Click the

button.
Accept any security warnings from your browser.
Check
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push

, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the

button.
Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

OTL by OldTimer

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

coolbobd · Mar 8, 2012

Here is the requested files.

ESETScan
C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}(13)\chrome\scanquery.jar Win32/Adware.OneStep application
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\Users\Hudson\i2pmd53j7b.exe.vir a variant of Win32/Kryptik.ABDU trojan
C:\Qoobox\Quarantine\C\Users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}\chrome\content\overlay.xul.vir JS/Gord.A trojan
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinAutoRunul.zip Win32/Bagle.gen.zip worm
C:\Users\Hudson\AppData\Local\VirtualStore\Windows\System32\net.net a variant of Win32/TrojanClicker.Punad.AA trojan
C:\Users\Hudson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\27b84623-49a47216 a variant of Java/Exploit.CVE-2010-4452.A trojan
C:\Users\Hudson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\2dc1342c-4ed9be7e a variant of Java/Exploit.CVE-2011-3544.AW trojan
C:\Users\Hudson\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\4934abef-591ebdb8 multiple threats
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\075U12RW\upgrade[1].cab a variant of Win32/Adware.OneStep.Y application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0FED0I4P\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRE0R50U\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FRE0R50U\upgrade[2].cab a variant of Win32/Adware.OneStep.Z application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHFAXM7I\upgrade[1].cab a variant of Win32/Adware.OneStep.Z application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MHFAXM7I\upgrade[2].cab a variant of Win32/Adware.OneStep.Z application

coolbobd · Mar 8, 2012

OTL

OTL logfile created on: 3/7/2012 9:22:48 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Hudson\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.97% Memory free
4.21 Gb Paging File | 2.88 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 81.39 Gb Free Space | 36.22% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.77 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: HUDSON-PC | User Name: Hudson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hudson\Downloads\OTL (2).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1200349749\ee\aolsoftware.exe (America Online, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\avcodec-53.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (esgiguard) -- File not found
DRV - (catchme) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {71A14E52-DA1B-449D-933E-1E6AC6051285}
IE - HKLM\..\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{94BFDA08-B098-4820-B5C7-C0795B490C7F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKLM\..\SearchScopes\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {71A14E52-DA1B-449D-933E-1E6AC6051285}
IE - HKCU\..\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
IE - HKCU\..\SearchScopes\{94BFDA08-B098-4820-B5C7-C0795B490C7F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKCU\..\SearchScopes\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 14:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/03 16:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/03 16:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/06 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 11:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 19:46:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}: C:\Users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 14:48:52 | 000,000,000 | ---D | M]

[2010/02/02 00:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Extensions
[2010/02/02 00:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/17 15:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Profiles\0owebmva.default\extensions
[2012/02/01 16:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 07:56:52 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}(13)
[2012/02/18 11:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2010/11/12 20:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/27 20:27:42 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/02/14 16:54:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:54:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: IBM Lotus Forms Viewer 7.6.1.233 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmfv.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/03/06 19:08:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1200349749\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.71.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704FD937-485D-451D-9B6C-5E6F3A3F122B}: DhcpNameServer = 8.8.8.8 64.61.99.2 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{709520F1-D566-40A7-8713-87FD06B60450}: DhcpNameServer = 10.71.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 05:22:04 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/07 16:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/03/06 20:07:21 | 000,337,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 20:07:21 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/06 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/06 20:07:17 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 20:07:10 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 20:07:09 | 000,610,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 20:07:08 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 20:05:00 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 20:04:55 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 20:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/06 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/06 19:09:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 18:43:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 18:43:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 18:43:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 18:43:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/06 18:43:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 23:15:00 | 000,000,000 | R--D | C] -- C:\Users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/05 23:14:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 23:13:33 | 000,000,000 | R--D | C] -- C:\Users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/05 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/05 22:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/05 22:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/05 21:17:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/05 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/05 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/01 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\Hudson\AppData\Local\usrCommsdrm
[2012/02/28 18:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/22 22:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B56F52F5-B6EA-4C91-9F4C-FC46FAD6F1AC}
[2012/02/22 22:42:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D0D88A79-3F53-4F9D-9D83-21F8EECCCAA3}
[2012/02/22 22:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transparent Language, Inc
[2012/02/22 22:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Transparent
[2012/02/22 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Transparent
[2012/02/17 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hudson\AppData\Local\odbccfgCtrl
[2012/02/15 14:34:45 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/15 03:03:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/15 03:03:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/15 03:03:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/15 03:03:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/15 03:03:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:03:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/15 03:03:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 03:03:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/15 03:03:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:03:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 03:03:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/15 03:03:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 03:03:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/15 03:03:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 03:03:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 03:03:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 03:03:27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 03:03:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:03:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/15 03:03:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/15 03:03:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 03:03:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 03:03:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 03:03:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/15 03:03:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:03:24 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:03:24 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/15 03:03:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/15 03:03:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 03:03:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/15 03:03:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/15 03:03:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/15 03:03:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 03:03:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 03:03:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/15 03:03:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 03:03:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/12 21:08:41 | 000,000,000 | -HSD | C] -- C:\Users\Hudson\AppData\Roaming\AV Security Essentials
[2012/02/12 21:08:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\AVMRXFDZDISE
[2012/02/12 21:08:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\3df607
[2012/02/10 18:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[3 C:\Users\Hudson\Desktop\*.tmp files -> C:\Users\Hudson\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/07 20:37:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/07 20:25:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 20:25:41 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 17:46:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 16:47:55 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/07 16:33:38 | 000,325,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/07 16:33:38 | 000,041,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/07 16:26:34 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/03/07 16:25:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 16:25:31 | 2137,382,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/06 20:07:21 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 20:07:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/06 20:00:53 | 000,000,104 | ---- | M] () -- C:\Users\Hudson\Desktop\Recycle Bin - Shortcut.lnk
[2012/03/06 19:08:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/03/06 16:51:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 16:39:11 | 000,001,356 | ---- | M] () -- C:\Users\Hudson\AppData\Local\d3d9caps.dat
[2012/03/05 22:40:18 | 000,001,079 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 22:40:18 | 000,001,055 | ---- | M] () -- C:\Users\Hudson\Desktop\Spybot - Search & Destroy.lnk
[2012/03/05 21:05:25 | 000,001,833 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
[2012/02/28 18:32:56 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/26 15:57:18 | 000,366,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/23 10:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 10:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 10:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 10:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 10:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/23 10:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 10:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 10:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/22 22:42:24 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Transparent Language Library Edition.lnk
[2012/02/15 22:35:10 | 000,002,627 | ---- | M] () -- C:\Users\Hudson\Desktop\Microsoft Office Word 2007.lnk
[2012/02/15 03:23:54 | 000,000,943 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 03:03:59 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/15 03:03:59 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/15 03:03:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/15 03:03:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/15 03:03:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/15 03:03:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/15 03:03:30 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:03:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/15 03:03:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 03:03:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/15 03:03:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:03:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 03:03:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/15 03:03:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 03:03:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/15 03:03:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 03:03:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/15 03:03:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 03:03:27 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 03:03:27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 03:03:27 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:03:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/15 03:03:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/15 03:03:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 03:03:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 03:03:26 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 03:03:26 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/15 03:03:24 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:03:24 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:03:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/15 03:03:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/15 03:03:24 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 03:03:24 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/15 03:03:24 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/15 03:03:24 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/15 03:03:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 03:03:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 03:03:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/15 03:03:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 03:03:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/13 05:41:44 | 000,001,542 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012/02/13 05:41:43 | 000,002,249 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/10 18:35:40 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/10 18:35:40 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[3 C:\Users\Hudson\Desktop\*.tmp files -> C:\Users\Hudson\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 20:07:21 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 20:00:53 | 000,000,104 | ---- | C] () -- C:\Users\Hudson\Desktop\Recycle Bin - Shortcut.lnk
[2012/03/06 18:43:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 18:43:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 18:43:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 18:43:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 18:43:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 18:13:04 | 2137,382,912 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 16:41:13 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:40:18 | 000,001,079 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 22:40:18 | 000,001,055 | ---- | C] () -- C:\Users\Hudson\Desktop\Spybot - Search & Destroy.lnk
[2012/03/05 21:05:25 | 000,001,833 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
[2012/02/28 18:32:56 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/22 22:42:24 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Transparent Language Library Edition.lnk
[2012/02/15 03:03:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/12 21:08:47 | 000,001,542 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2011/06/06 17:10:02 | 000,000,000 | ---- | C] () -- C:\Users\Hudson\AppData\Local\{168BD32F-3895-43D4-82B9-D0F0CAC4281C}
[2011/05/18 17:20:48 | 000,000,000 | ---- | C] () -- C:\Users\Hudson\AppData\Local\{4D6EC7A5-86C7-4749-8789-0D285407EC3C}
[2011/05/15 12:26:31 | 000,012,410 | -HS- | C] () -- C:\Users\Hudson\AppData\Local\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 12:26:31 | 000,012,410 | -HS- | C] () -- C:\ProgramData\kqxjax25212syk721811b172n8n71yg66c
[2011/04/03 15:28:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/03 15:28:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/21 21:16:18 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/05/10 14:47:38 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat

========== LOP Check ==========

[2009/11/22 04:12:03 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\Anuman Interactive
[2012/02/12 21:09:38 | 000,000,000 | -HSD | M] -- C:\Users\Hudson\AppData\Roaming\AV Security Essentials
[2010/04/02 04:31:27 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\BSD
[2010/02/28 17:05:37 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\Communicator
[2010/11/27 10:13:11 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\LimeWire
[2009/11/22 05:20:08 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\MyVirtualHome
[2010/01/14 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\PDG Studyware
[2007/12/23 19:37:38 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\PlayFirst
[2010/11/08 20:48:02 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\PureEdge
[2008/11/27 09:54:31 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\Smith Micro
[2009/11/22 04:56:41 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\SystemRequirementsLab
[2008/10/05 21:14:22 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\Template
[2007/11/30 01:16:14 | 000,000,000 | ---D | M] -- C:\Users\Hudson\AppData\Roaming\WildTangent
[2012/03/06 22:40:36 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/05/19 19:08:49 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D7535A90-343A-4190-A4F4-95F087476F17}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:554C6431
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP

FC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

coolbobd · Mar 8, 2012

OTL Extras

OTL Extras logfile created on: 3/7/2012 9:22:48 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Hudson\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 43.97% Memory free
4.21 Gb Paging File | 2.88 Gb Available in Paging File | 68.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 81.39 Gb Free Space | 36.22% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.77 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: HUDSON-PC | User Name: Hudson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A4AFC56-50A3-4969-930A-7A02A54554FA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057E5D40-3D7F-495C-8F11-D835BC83CB62}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0A1545FB-6D01-453E-9A5D-A585ED345D3C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{0E42EFD0-41B7-420D-855D-F682659D27C9}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{0F61355B-1916-4392-B886-73A7230C5201}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{12228946-E3F8-4FB2-A9EE-C682C28411AB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{1327F8D5-3896-485A-A8C6-714E995DC1D6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1AB85924-6AC4-4A9E-9510-707BD94608C8}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{1AC2D228-FF1F-4EDD-9505-D7208AF6A4BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{23CBF524-8F94-42C9-9BF8-B6A3C89EEFD2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{2A7CA404-B74A-4AA3-A573-5FD6A3529E07}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{3231716B-5F37-48B6-87FF-D3F2B807FFCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33662EF4-3C46-4E11-82AF-E05B94A29E3D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{3A916457-5F98-4865-977A-7BB2AB6F7E67}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{3AD1DA81-1A94-4F17-8E13-5C6D72E54B04}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{42868AE0-5D75-4D70-8FD9-EF89E532FEC7}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{42A9EB5D-524D-4E58-AC8B-7F142ED42463}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{4AE1268D-3F84-42C9-80A0-47E7C8CB1B52}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{52569B49-0954-4C36-AEBE-259A2C95D187}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{69C07DBB-BA48-4F86-9DE1-0825CC5EC7D9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{6F41A24E-D765-4B39-B89D-FF65A96A1CC0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7643C670-780B-43CD-B8D2-EC2C1B0B9B1E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{78F7C879-ED8E-43DB-AC3D-EEB04203BBA8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7CE708C9-6B0A-4B12-B84F-1A3D29A2C7A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{858A8865-96CD-42BD-8503-CA75E2128C1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{8721A225-8E60-421D-B1D4-A6A57BBEC7C6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{88C274EC-507B-4A91-A5D4-C04A536BD9C3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{8923FDB0-636C-4197-8644-F1E65FE1C02D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{9046ABD2-685D-49E5-BF27-42DA2DDCF124}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{9770B835-03A7-4C7F-AACE-1B2E9A08BE4F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9C098453-215F-4327-A63C-905AD472099E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{9C371E3C-D05D-4964-9F41-2C02D646C833}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{9C593F52-205C-45ED-972D-B155F3CC7E22}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{ADD149F6-76B5-44ED-AE65-EF20F1F22E94}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{B03C2C5C-4E5F-46FF-8E7E-425921A0FADD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{B7B0027B-EC09-4FF7-BEE3-14869C3E9D03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2BC5065-DECA-4F7F-965F-DEF5E1B59825}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1200349749\ee\aolsoftware.exe |
"{C9099B8B-5518-4CF4-9D76-0CFBAF2BF309}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{CD57CAA9-9A5D-4541-8D1E-7249790E21B1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3A8F65B-DADD-482B-AF8E-EB31268EFCEE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{D6D887BE-209C-4DE5-9473-F8F93A4C8362}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{D71846D4-7C2C-45D4-B912-03A380A0D68C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{DB2A910C-4FFB-4F06-A64C-FA48952B441B}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1200349749\ee\aolsoftware.exe |
"{E21C88F9-6615-44A8-93E8-7C27E8B58D24}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E31FE77D-4678-4B1C-BCF0-AE02CEF0DF03}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{E85000C5-7EDE-4F7E-AAAF-CC0C1DE58539}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{E86D1970-25A7-47CD-A1BA-671863044AD3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC04EA6E-C070-4D13-BD80-7ACFBB504446}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{ECB2D2E9-6C29-4A50-A083-32870D716649}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{F5A89237-78BF-45D5-A273-FD7F3205321C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F693EAA4-1802-4A5E-B14B-FA8E24E3EA2B}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{F9B57D3B-CA67-42D9-A550-AA5E9FFA9593}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82C6834D-B1DA-4734-8E29-D8170143BB3D}" = Communicator
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA5B1F20-3E6C-49C5-B7D2-B1F623C61EF4}" = Sound Blaster X-Fi Go!
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6B45398-B8E9-4BA2-ACD8-65D61C65B8AE}" = MyVirtualHome
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66FE99D-7C15-40A0-AE4A-A1A3900D9EE3}" = MyVirtualHome
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}" = HP Wireless Assistant
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"{FD523159-B02F-40C8-BBF1-F29534D98AA1}" = Transparent Language Library Edition
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AudioCS" = Creative Audio Control Panel
"avast" = avast! Free Antivirus
"BFGC" = Big Fish Games Client
"BFG-Cake Mania 2" = Cake Mania 2 (remove only)
"Byki Library Edition" = Byki Library Edition
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"CopySafe Plugin" = CopySafe Plugin
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties" = Creative Sound Blaster Properties
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Host OpenAL" = Host OpenAL
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Shop for HP Supplies" = Shop for HP Supplies
"STANDARDR" = Microsoft Office Standard 2007
"SystemRequirementsLab" = System Requirements Lab
"Transparent Language Library Edition" = Transparent Language Library Edition
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"WildTangent hplaptop Master Uninstall" = My HP Games
"WT027128" = Cake Mania
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1df0cdb088182ccc" = FOREXTraderPro
"998502f2522abe8d" = FOREXTrader
"PDG Gold 4.0" = PDG Gold 4.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/5/2010 8:05:09 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9033

Error - 10/5/2010 8:05:09 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9033

Error - 10/5/2010 10:13:54 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/5/2010 10:13:54 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7734015

Error - 10/5/2010 10:13:54 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7734015

Error - 10/5/2010 10:13:56 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/5/2010 10:13:56 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7735887

Error - 10/5/2010 10:13:56 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7735887

Error - 10/5/2010 10:13:57 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/5/2010 10:13:57 PM | Computer Name = Hudson-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7736901

[ Media Center Events ]
Error - 12/6/2007 10:51:55 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/15/2007 4:53:32 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 3/9/2008 10:39:01 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/27/2008 1:00:53 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 5/25/2008 4:19:30 AM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 9:51:52 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 2:00:03 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 12/24/2008 8:37:49 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/4/2009 3:32:13 PM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/25/2010 6:00:43 AM | Computer Name = Hudson-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

[ System Events ]
Error - 3/6/2012 10:18:13 PM | Computer Name = Hudson-PC | Source = DCOM | ID = 10016
Description =

Error - 3/6/2012 10:18:32 PM | Computer Name = Hudson-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/7/2012 12:39:01 AM | Computer Name = Hudson-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 3/7/2012 6:26:28 PM | Computer Name = Hudson-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/7/2012 6:28:04 PM | Computer Name = Hudson-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/7/2012 6:28:06 PM | Computer Name = Hudson-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 3/7/2012 6:28:06 PM | Computer Name = Hudson-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/7/2012 6:29:17 PM | Computer Name = Hudson-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.71.4.184 for the Network Card with network
address 001CBF1DBD13 has been denied by the DHCP server 10.63.254.2 (The DHCP Server
sent a DHCPNACK message).

Error - 3/7/2012 6:29:18 PM | Computer Name = Hudson-PC | Source = DCOM | ID = 10016
Description =

Error - 3/7/2012 6:49:10 PM | Computer Name = Hudson-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

< End of report >

ken545 · Mar 8, 2012

Good Morning,

From ESET
C:\ProgramData\Spybot - Search & Destroy\Recovery <--Open Spybot and delete everything in this folder

C:\Qoobox\Quarantine <--When where done we will remove this, the bad files are harmless in this folder

This quick fix with OTL will get all the rest in your temp files and such.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses


:OTL
IE - HKLM\..\SearchScopes\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:554C6431
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8


:Services

:Reg

:Files
ipconfig /flushdns /c



:Commands
[purity]
[resethosts]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

coolbobd · Mar 8, 2012

Here is the OTL Fix report.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFDF1BB4-D1A1-4D14-98B1-6CE417CCF54B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Unable to delete ADS C:\ProgramData\TEMP:554C6431 .
Unable to delete ADS C:\ProgramData\TEMP

FC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Hudson\Downloads\cmd.bat deleted successfully.
C:\Users\Hudson\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hudson
->Temp folder emptied: 696594 bytes
->Temporary Internet Files folder emptied: 145054794 bytes
->Java cache emptied: 15909178 bytes
->FireFox cache emptied: 43978749 bytes
->Google Chrome cache emptied: 73596040 bytes
->Flash cache emptied: 10436831 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1459714 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1068013 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 279.00 mb

OTL by OldTimer - Version 3.2.36.1 log created on 03082012_151306

Files\Folders moved on Reboot...
File move failed. C:\Users\Hudson\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

And here is the new OTL scan.

OTL logfile created on: 3/8/2012 4:04:48 PM - Run 2
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Hudson\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.83% Memory free
4.21 Gb Paging File | 3.00 Gb Available in Paging File | 71.20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 81.27 Gb Free Space | 36.17% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.77 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: HUDSON-PC | User Name: Hudson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hudson\Downloads\OTL (4).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1200349749\ee\aolsoftware.exe (America Online, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.66\avcodec-53.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (esgiguard) -- File not found
DRV - (catchme) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {71A14E52-DA1B-449D-933E-1E6AC6051285}
IE - HKLM\..\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{94BFDA08-B098-4820-B5C7-C0795B490C7F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {71A14E52-DA1B-449D-933E-1E6AC6051285}
IE - HKCU\..\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
IE - HKCU\..\SearchScopes\{94BFDA08-B098-4820-B5C7-C0795B490C7F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 14:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/03 16:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/03 16:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/06 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 11:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 19:46:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}: C:\Users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 14:48:52 | 000,000,000 | ---D | M]

[2010/02/02 00:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Extensions
[2010/02/02 00:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/17 15:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Profiles\0owebmva.default\extensions
[2012/02/01 16:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 07:56:52 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}(13)
[2012/02/18 11:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2010/11/12 20:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/27 20:27:42 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/02/14 16:54:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:54:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: IBM Lotus Forms Viewer 7.6.1.233 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmfv.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/03/08 15:13:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1200349749\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.71.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704FD937-485D-451D-9B6C-5E6F3A3F122B}: DhcpNameServer = 8.8.8.8 64.61.99.2 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{709520F1-D566-40A7-8713-87FD06B60450}: DhcpNameServer = 10.71.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 05:22:04 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 15:08:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/06 20:07:21 | 000,337,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 20:07:21 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/06 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/06 20:07:17 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 20:07:10 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 20:07:09 | 000,610,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 20:07:08 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 20:05:00 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 20:04:55 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 20:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/06 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/06 19:09:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 18:43:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 18:43:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 18:43:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 18:43:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/06 18:43:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 23:15:00 | 000,000,000 | R--D | C] -- C:\Users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/05 23:14:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 23:13:33 | 000,000,000 | R--D | C] -- C:\Users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/05 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/05 22:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/05 22:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/05 21:17:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/05 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/05 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/01 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\Hudson\AppData\Local\usrCommsdrm
[2012/02/28 18:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/22 22:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B56F52F5-B6EA-4C91-9F4C-FC46FAD6F1AC}
[2012/02/22 22:42:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D0D88A79-3F53-4F9D-9D83-21F8EECCCAA3}
[2012/02/22 22:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transparent Language, Inc
[2012/02/22 22:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Transparent
[2012/02/22 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Transparent
[2012/02/17 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hudson\AppData\Local\odbccfgCtrl
[2012/02/15 14:34:45 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/15 03:03:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/15 03:03:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/15 03:03:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/15 03:03:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/15 03:03:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:03:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/15 03:03:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 03:03:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/15 03:03:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:03:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 03:03:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/15 03:03:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 03:03:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/15 03:03:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 03:03:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 03:03:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 03:03:27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 03:03:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:03:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/15 03:03:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/15 03:03:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 03:03:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 03:03:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 03:03:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/15 03:03:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:03:24 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:03:24 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/15 03:03:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/15 03:03:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 03:03:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/15 03:03:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/15 03:03:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/15 03:03:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 03:03:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 03:03:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/15 03:03:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 03:03:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/12 21:08:41 | 000,000,000 | -HSD | C] -- C:\Users\Hudson\AppData\Roaming\AV Security Essentials
[2012/02/12 21:08:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\AVMRXFDZDISE
[2012/02/12 21:08:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\3df607
[2012/02/10 18:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[3 C:\Users\Hudson\Desktop\*.tmp files -> C:\Users\Hudson\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 15:37:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 15:28:48 | 000,325,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/08 15:28:48 | 000,041,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/08 15:25:12 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/03/08 15:22:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 15:22:09 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 15:22:09 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 15:21:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 15:21:55 | 2135,322,624 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 15:13:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/07 16:47:55 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/06 20:07:21 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 20:07:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/06 20:00:53 | 000,000,104 | ---- | M] () -- C:\Users\Hudson\Desktop\Recycle Bin - Shortcut.lnk
[2012/03/06 16:51:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 16:39:11 | 000,001,356 | ---- | M] () -- C:\Users\Hudson\AppData\Local\d3d9caps.dat
[2012/03/05 22:40:18 | 000,001,079 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 22:40:18 | 000,001,055 | ---- | M] () -- C:\Users\Hudson\Desktop\Spybot - Search & Destroy.lnk
[2012/03/05 21:05:25 | 000,001,833 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
[2012/02/28 18:32:56 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/26 15:57:18 | 000,366,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/23 10:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 10:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 10:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 10:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 10:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/23 10:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 10:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 10:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/22 22:42:24 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Transparent Language Library Edition.lnk
[2012/02/15 22:35:10 | 000,002,627 | ---- | M] () -- C:\Users\Hudson\Desktop\Microsoft Office Word 2007.lnk
[2012/02/15 03:23:54 | 000,000,943 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 03:03:59 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/15 03:03:59 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/15 03:03:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/15 03:03:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/15 03:03:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/15 03:03:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/15 03:03:30 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:03:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/15 03:03:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 03:03:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/15 03:03:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:03:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 03:03:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/15 03:03:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 03:03:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/15 03:03:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 03:03:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/15 03:03:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 03:03:27 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 03:03:27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 03:03:27 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:03:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/15 03:03:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/15 03:03:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 03:03:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 03:03:26 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 03:03:26 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/15 03:03:24 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:03:24 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:03:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/15 03:03:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/15 03:03:24 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 03:03:24 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/15 03:03:24 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/15 03:03:24 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/15 03:03:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 03:03:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 03:03:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/15 03:03:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 03:03:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/13 05:41:44 | 000,001,542 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012/02/13 05:41:43 | 000,002,249 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/10 18:35:40 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/10 18:35:40 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[3 C:\Users\Hudson\Desktop\*.tmp files -> C:\Users\Hudson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 20:07:21 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 20:00:53 | 000,000,104 | ---- | C] () -- C:\Users\Hudson\Desktop\Recycle Bin - Shortcut.lnk
[2012/03/06 18:43:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 18:43:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 18:43:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 18:43:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 18:43:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 18:13:04 | 2135,322,624 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 16:41:13 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:40:18 | 000,001,079 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 22:40:18 | 000,001,055 | ---- | C] () -- C:\Users\Hudson\Desktop\Spybot - Search & Destroy.lnk
[2012/03/05 21:05:25 | 000,001,833 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
[2012/02/28 18:32:56 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/22 22:42:24 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Transparent Language Library Edition.lnk
[2012/02/15 03:03:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/12 21:08:47 | 000,001,542 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2011/06/06 17:10:02 | 000,000,000 | ---- | C] () -- C:\Users\Hudson\AppData\Local\{168BD32F-3895-43D4-82B9-D0F0CAC4281C}
[2011/05/18 17:20:48 | 000,000,000 | ---- | C] () -- C:\Users\Hudson\AppData\Local\{4D6EC7A5-86C7-4749-8789-0D285407EC3C}
[2011/05/15 12:26:31 | 000,012,410 | -HS- | C] () -- C:\Users\Hudson\AppData\Local\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 12:26:31 | 000,012,410 | -HS- | C] () -- C:\ProgramData\kqxjax25212syk721811b172n8n71yg66c
[2011/04/03 15:28:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/03 15:28:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/21 21:16:18 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/05/10 14:47:38 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat

< End of report >

ken545 · Mar 8, 2012

This should not take long

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code:

:processes
killallprocesses


:OTL
IE - HKCU\..\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}: "URL" = http://findgala.com/?&uid=8039&q={searchTerms}
[2012/03/05 21:05:25 | 000,001,833 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk


:Services

:Reg

:Files


:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

coolbobd · Mar 8, 2012

Here is the Fix Scan.

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71A14E52-DA1B-449D-933E-1E6AC6051285}\ not found.
C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hudson
->Temp folder emptied: 85960 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 7421012 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10165 bytes
RecycleBin emptied: 158736 bytes

Total Files Cleaned = 7.00 mb

OTL by OldTimer - Version 3.2.36.1 log created on 03082012_164807

Files\Folders moved on Reboot...
File move failed. C:\Users\Hudson\AppData\Local\Temp\ehmsas.txt scheduled to be moved on reboot.
File\Folder C:\Users\Hudson\AppData\Local\Temp\WERCB5B.tmp.version.txt not found!

Registry entries deleted on Reboot...

Here is the New Scan

OTL logfile created on: 3/8/2012 5:09:08 PM - Run 3
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Hudson\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 40.94% Memory free
4.21 Gb Paging File | 2.92 Gb Available in Paging File | 69.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 81.17 Gb Free Space | 36.13% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.77 Gb Free Space | 21.55% Space Free | Partition Type: NTFS

Computer Name: HUDSON-PC | User Name: Hudson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Hudson\Downloads\OTL (4).exe (OldTimer Tools)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Common Files\aol\1200349749\ee\aolsoftware.exe (America Online, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Google\Chrome\Application\17.0.963.78\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.78\avutil-51.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.78\avformat-53.dll ()
MOD - C:\Program Files\Google\Chrome\Application\17.0.963.78\avcodec-53.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\System32\APOMngr.DLL ()
MOD - C:\Windows\System32\CmdRtr.DLL ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeXMP.dll ()

========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (IpInIp) -- File not found
DRV - (esgiguard) -- File not found
DRV - (catchme) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)
DRV - (ksaud) -- C:\Windows\System32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (HdAudAddService) -- C:\Windows\System32\drivers\CHDART.sys (Conexant Systems Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (eabfiltr) -- C:\Windows\System32\drivers\eabfiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
IE - HKLM\..\SearchScopes,DefaultScope = {71A14E52-DA1B-449D-933E-1E6AC6051285}
IE - HKLM\..\SearchScopes\{71A14E52-DA1B-449D-933E-1E6AC6051285}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
IE - HKLM\..\SearchScopes\{94BFDA08-B098-4820-B5C7-C0795B490C7F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {71A14E52-DA1B-449D-933E-1E6AC6051285}
IE - HKCU\..\SearchScopes\{94BFDA08-B098-4820-B5C7-C0795B490C7F}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=HVDUS7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 14:48:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/04/03 16:04:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/04/03 16:04:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/06 20:05:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/18 11:42:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 19:46:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}: C:\Users\Hudson\AppData\Local\{DFFB885A-3A34-4D01-9C50-6AFFBAA6C6C5}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/10 14:48:52 | 000,000,000 | ---D | M]

[2010/02/02 00:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Extensions
[2010/02/02 00:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/17 15:31:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Profiles\0owebmva.default\extensions
[2012/02/01 16:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/01 07:56:52 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}(13)
[2012/02/18 11:42:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 23:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 06:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2010/11/12 20:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/27 20:27:42 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/02/14 16:54:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 16:54:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.78\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: IBM Lotus Forms Viewer 7.6.1.233 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmfv.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: avast! WebRep = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Hudson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2012/03/08 15:13:09 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BSDAppUpdater] C:\Program Files\Common Files\BSD\AppUpdater\BSDChecker.exe (Bootstrap Software Development)
O4 - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\System32\SBAVMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1200349749\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.71.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{704FD937-485D-451D-9B6C-5E6F3A3F122B}: DhcpNameServer = 8.8.8.8 64.61.99.2 4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{709520F1-D566-40A7-8713-87FD06B60450}: DhcpNameServer = 10.71.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hudson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 05:22:04 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 09:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 15:08:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/06 20:07:21 | 000,337,112 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 20:07:21 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/06 20:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/06 20:07:17 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 20:07:10 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 20:07:09 | 000,610,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 20:07:08 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 20:05:00 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 20:04:55 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 20:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/06 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/06 19:09:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/06 18:43:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/06 18:43:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/06 18:43:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/06 18:43:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/03/06 18:43:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/05 23:15:00 | 000,000,000 | R--D | C] -- C:\Users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/05 23:14:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/05 23:13:33 | 000,000,000 | R--D | C] -- C:\Users\Hudson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/05 22:40:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/03/05 22:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/05 22:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/03/05 21:17:58 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/03/05 21:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/03/05 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/03/01 21:34:21 | 000,000,000 | ---D | C] -- C:\Users\Hudson\AppData\Local\usrCommsdrm
[2012/02/28 18:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/02/22 22:46:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B56F52F5-B6EA-4C91-9F4C-FC46FAD6F1AC}
[2012/02/22 22:42:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{D0D88A79-3F53-4F9D-9D83-21F8EECCCAA3}
[2012/02/22 22:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transparent Language, Inc
[2012/02/22 22:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Transparent
[2012/02/22 22:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Transparent
[2012/02/17 14:34:55 | 000,000,000 | ---D | C] -- C:\Users\Hudson\AppData\Local\odbccfgCtrl
[2012/02/15 14:34:45 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/15 03:03:30 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/15 03:03:30 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/15 03:03:30 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/15 03:03:30 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/15 03:03:30 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:03:30 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/15 03:03:29 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 03:03:29 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/15 03:03:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:03:29 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 03:03:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/15 03:03:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 03:03:28 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/15 03:03:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 03:03:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 03:03:27 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 03:03:27 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 03:03:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:03:27 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/15 03:03:27 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/15 03:03:27 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 03:03:27 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 03:03:26 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 03:03:26 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/15 03:03:24 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:03:24 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:03:24 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/15 03:03:24 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/15 03:03:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 03:03:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/15 03:03:24 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/15 03:03:24 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/15 03:03:23 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 03:03:23 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 03:03:23 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/15 03:03:23 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 03:03:23 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/12 21:08:41 | 000,000,000 | -HSD | C] -- C:\Users\Hudson\AppData\Roaming\AV Security Essentials
[2012/02/12 21:08:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\AVMRXFDZDISE
[2012/02/12 21:08:03 | 000,000,000 | -HSD | C] -- C:\ProgramData\3df607
[2012/02/10 18:35:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[3 C:\Users\Hudson\Desktop\*.tmp files -> C:\Users\Hudson\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 17:05:29 | 000,325,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/08 17:05:29 | 000,041,822 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/08 17:00:45 | 000,000,149 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/03/08 16:57:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 16:57:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 16:57:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 16:57:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 16:57:41 | 2137,382,912 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 16:39:25 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 16:39:24 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/08 15:13:09 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/03/06 20:07:21 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 20:07:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/06 20:00:53 | 000,000,104 | ---- | M] () -- C:\Users\Hudson\Desktop\Recycle Bin - Shortcut.lnk
[2012/03/06 16:51:47 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/06 16:39:11 | 000,001,356 | ---- | M] () -- C:\Users\Hudson\AppData\Local\d3d9caps.dat
[2012/03/05 22:40:18 | 000,001,079 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 22:40:18 | 000,001,055 | ---- | M] () -- C:\Users\Hudson\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 18:32:56 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/26 15:57:18 | 000,366,832 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/23 10:23:26 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/02/23 10:23:21 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/02/23 10:12:28 | 000,610,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/02/23 10:12:16 | 000,337,112 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/02/23 10:10:46 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/02/23 10:10:39 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/02/23 10:10:34 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/02/23 10:10:16 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/22 22:42:24 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\Transparent Language Library Edition.lnk
[2012/02/15 22:35:10 | 000,002,627 | ---- | M] () -- C:\Users\Hudson\Desktop\Microsoft Office Word 2007.lnk
[2012/02/15 03:23:54 | 000,000,943 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/15 03:03:59 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/15 03:03:59 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/15 03:03:30 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/15 03:03:30 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/15 03:03:30 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/15 03:03:30 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/15 03:03:30 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/15 03:03:30 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/15 03:03:29 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/15 03:03:29 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/15 03:03:29 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/15 03:03:29 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/15 03:03:28 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/15 03:03:28 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/15 03:03:28 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/15 03:03:28 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/15 03:03:28 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/15 03:03:28 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/15 03:03:27 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 03:03:27 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/15 03:03:27 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/15 03:03:27 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/15 03:03:27 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/15 03:03:27 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/15 03:03:27 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/15 03:03:26 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/15 03:03:26 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/15 03:03:24 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/15 03:03:24 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/15 03:03:24 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/15 03:03:24 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/15 03:03:24 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/15 03:03:24 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/15 03:03:24 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/15 03:03:24 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/15 03:03:23 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 03:03:23 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/15 03:03:23 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/15 03:03:23 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/15 03:03:23 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/13 05:41:44 | 000,001,542 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2012/02/13 05:41:43 | 000,002,249 | ---- | M] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/10 18:35:40 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/02/10 18:35:40 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[3 C:\Users\Hudson\Desktop\*.tmp files -> C:\Users\Hudson\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/06 20:07:21 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 20:00:53 | 000,000,104 | ---- | C] () -- C:\Users\Hudson\Desktop\Recycle Bin - Shortcut.lnk
[2012/03/06 18:43:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/06 18:43:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/06 18:43:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/06 18:43:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/06 18:43:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/06 18:13:04 | 2137,382,912 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 16:41:13 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/05 22:40:18 | 000,001,079 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/03/05 22:40:18 | 000,001,055 | ---- | C] () -- C:\Users\Hudson\Desktop\Spybot - Search & Destroy.lnk
[2012/02/28 18:32:56 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/02/22 22:42:24 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\Transparent Language Library Edition.lnk
[2012/02/15 03:03:28 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/12 21:08:47 | 000,001,542 | ---- | C] () -- C:\Users\Hudson\Application Data\Microsoft\Internet Explorer\Quick Launch\AV Security Essentials.lnk
[2011/06/06 17:10:02 | 000,000,000 | ---- | C] () -- C:\Users\Hudson\AppData\Local\{168BD32F-3895-43D4-82B9-D0F0CAC4281C}
[2011/05/18 17:20:48 | 000,000,000 | ---- | C] () -- C:\Users\Hudson\AppData\Local\{4D6EC7A5-86C7-4749-8789-0D285407EC3C}
[2011/05/15 12:26:31 | 000,012,410 | -HS- | C] () -- C:\Users\Hudson\AppData\Local\kqxjax25212syk721811b172n8n71yg66c
[2011/05/15 12:26:31 | 000,012,410 | -HS- | C] () -- C:\ProgramData\kqxjax25212syk721811b172n8n71yg66c
[2011/04/03 15:28:23 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/04/03 15:28:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/11/21 21:16:18 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/05/10 14:47:38 | 000,023,113 | ---- | C] () -- C:\Windows\hpqins15.dat

< End of report >

ken545 · Mar 8, 2012

Wonderfull, if you have the time, run ESET again and post the new log please and also let me know how you think your computer is behaving now

coolbobd · Mar 9, 2012

I would like to thank you for the help, unfortunately the person required his computer back so I was not able to do an ESET scan. It did run quite a bit faster and there were not any hiccups when loading Windows.

Security Shield 2012 removal help

New member

Emeritus-Security Expert

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

New member

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member

Emeritus-Security Expert

New member