Jump to content


[RESOLVED] sisters windows 7 laptop infected

Started By ProblemsRBad, Nov 25 2011 05:21 PM

  • You cannot start a new topic
  • You cannot reply to this topic
15 replies to this topic

#1 ProblemsRBad

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 25 November 2011 - 05:21 PM

ran mallwear bytes found 119 infections. ran gmar and no resultes in the log and it was empty. here is the rest of the logs

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8238
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
11/25/2011 9:20:22 AM
mbam-log-2011-11-25 (09-20-22).txt
Scan type: Quick scan
Objects scanned: 185816
Time elapsed: 9 minute(s), 30 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 4
Registry Keys Infected: 98
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 34
Memory Processes Infected:
c:\program files (x86)\televisionfanatic\bar\1.bin\64brmon.exe (Adware.MyWebSearch) -> 3256 -> Unloaded process successfully.
Memory Modules Infected:
c:\program files (x86)\televisionfanatic\bar\1.bin\64SrcAs.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\televisionfanatic\bar\1.bin\64dlghk.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\televisionfanatic\bar\1.bin\64auxstb.dll (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\televisionfanatic\bar\1.bin\64brstub.dll (Adware.MyWebSearch) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{AED3B1E0-FABB-4C27-A2DA-EC8352EE7E30} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0597D3BE-9A4D-4426-A8A7-572AD299852E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cb41fc95-f1b3-4797-8bb6-1012ff62abba} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{952C6F00-CBA7-47BE-BAF3-CFC5808E6C7B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.HTMLMenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{73CADBBD-4DC5-419D-84F1-E7BF4C3B20C4} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{387DFACE-9E46-415F-8C86-18083B7D6EAD} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.ScriptButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.ScriptButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.DynamicBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.DynamicBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{A378FD9D-B406-44BB-96D2-8CDAA668713F} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.FeedManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.FeedManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{03F59B4B-09D9-40F0-A01A-6E895023F2F0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.Radio.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.Radio (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{026FD9BA-112B-4D9F-86EA-589E28016E8C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.XMLSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.XMLSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.RadioSettings.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.RadioSettings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cd3cae95-556f-46ae-b636-45dc6b297eb1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6784D08D-CDC3-419D-9B97-744A351ED908} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TelevisionFanatic.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{608F7340-E221-4AFB-A848-C4DAD297CD58} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696F815-A3A9-490A-BB14-9EC3350B1276} (Adware.MyWebSearch) -> Value: {0696F815-A3A9-490A-BB14-9EC3350B1276} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C98D5B61-B0EA-4D48-9839-1079D352D880} (Adware.MyWebSearch) -> Value: {C98D5B61-B0EA-4D48-9839-1079D352D880} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0696f815-a3a9-490a-bb14-9ec3350b1276} (Adware.MyWebSearch) -> Value: {0696f815-a3a9-490a-bb14-9ec3350b1276} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c98d5b61-b0ea-4d48-9839-1079d352d880} (Adware.MyWebSearch) -> Value: {c98d5b61-b0ea-4d48-9839-1079d352d880} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TelevisionFanatic Browser Plugin Loader (Adware.MyWebSearch) -> Value: TelevisionFanatic Browser Plugin Loader -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\64ffxtbr@TelevisionFanatic.com (Adware.MyWebSearch) -> Value: 64ffxtbr@TelevisionFanatic.com -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
c:\program files (x86)\televisionfanatic\bar\1.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files (x86)\televisionfanatic\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
c:\program files (x86)\televisionfanatic\bar\1.bin\64httpct.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64bar.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64SrcAs.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64skin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64htmlmu.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64datact.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64mlbtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64script.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64dyn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64feedmg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64tpinst.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64uabtn.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64radio.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64msg.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64html.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64dlghk.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\AMY\AppData\Local\Temp\is1598539481\4978022_setup.dat (Adware.TryMedia) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64brmon.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64barsvc.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64auxstb.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64brstub.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64highin.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64idle.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64impipe.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64medint.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64Plugin.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64regfft.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64regiet.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\64skplay.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\LOGO.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\NP64Stub.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\televisionfanatic\bar\1.bin\chrome\64ffxtbr.jar (Adware.MyWebSearch) -> Quarantined and deleted successfully.


--------------------------------------------------------------------------------------------------------------------------------------

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-25 10:19:56
-----------------------------
10:19:56.680 OS Version: Windows x64 6.1.7601 Service Pack 1
10:19:56.680 Number of processors: 1 586 0x603
10:19:56.680 ComputerName: AMY-HP UserName: AMY
10:19:58.864 Initialize success
10:20:20.663 AVAST engine download error: 0
10:20:44.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
10:20:44.281 Disk 0 Vendor: ST925031 0005 Size: 238475MB BusType: 11
10:20:46.371 Disk 0 MBR read successfully
10:20:46.387 Disk 0 MBR scan
10:20:46.387 Disk 0 unknown MBR code
10:20:46.403 Service scanning
10:20:48.119 Modules scanning
10:20:48.119 Disk 0 trace - called modules:
10:20:48.197 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
10:20:48.197 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800257d5d0]
10:20:48.197 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa8002537b80]
10:20:48.197 5 amdxata.sys[fffff880011407a8] -> nt!IofCallDriver -> \Device\00000063[0xfffffa8002532060]
10:20:48.212 Scan finished successfully
10:33:36.551 Disk 0 MBR has been saved successfully to "C:\Users\AMY\Desktop\MBR.dat"
10:33:36.567 The log file has been saved successfully to "C:\Users\AMY\Desktop\aswMBR.txt"


-------------------------------------------------------------------------------------------------------------------------------------



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by AMY at 10:34:34 on 2011-11-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.791 [GMT -5:00]
.
AV: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with Spy Sweeper *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: N/A: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll
mURLSearchHooks: H - No File
mURLSearchHooks: N/A: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Toolbar BHO: {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebar.dll
BHO: GamesBarBHO Class: {cb0d163c-e9f4-4236-9496-0597e24b23a5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
BHO: Search Assistant BHO: {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB: !{acf7da4c-eeb2-484a-a3a1-303d4054d50c} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: GamesBar: {6f282b65-56bf-4bd1-a8b2-a4449a05863d} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
uRun: [HPAdvisorDock] "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [SearchEngineProtection] "C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Quick Launch] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun: [VideoScavenger_1e Browser Plugin Loader] "C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebrmon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
StartupFolder: C:\Users\AMY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ROLLER~1.LNK - C:\Users\AMY\AppData\Local\Temp\{FC9EBBE7-17AB-45BD-9BB6-9B6940A139AC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
StartupFolder: C:\Users\AMY\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C} : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}\35563657275646D25437375687D2261646D276164756771697 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}\458656025437375687021647028416D60747F6D2261646D276164756771697 : DhcpNameServer = 10.128.128.128
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}\4646D2772747F5671607 : DhcpNameServer = 192.168.69.1
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}\4646D2772747F56727 : DhcpNameServer = 192.168.69.1
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}\C696E6B6379737 : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}\F4754402D2025437375687021647028416D60747F6E6 : DhcpNameServer = 10.128.128.128
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Toolbar BHO: {c6549209-1ff1-4a5c-a815-981f64f34b19} - C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebar.dll
BHO-X64: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
BHO-X64: Search Assistant BHO: {d047fe10-dfe2-45cf-9fbf-966b9e64920f} - C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: NetAssistant: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
BHO-X64: NetAssistantBHO - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files (x86)\GamesBar\2.0.1.82\oberontb.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HP Quick Launch] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [HP Software Update] "C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
mRun-x64: [VideoScavenger_1e Browser Plugin Loader] "C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebrmon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110419.001\BHDrvx64.sys [2011-4-19 1127032]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110425.001\IDSviA64.sys [2011-4-25 476792]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-12-29 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-6-29 27192]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-5-9 130008]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]
R2 VideoScavenger_1eService;VideoScavenger Service;C:\PROGRA~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [2011-5-7 36864]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe [2011-2-26 3997912]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-11-22 3386840]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-2-26 132656]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-27 136176]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-27 136176]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-25 14:27:25 -------- d-----w- C:\Users\AMY\AppData\Local\{B24BFC29-ECDF-4C01-9C79-238712A096E2}
2011-11-25 14:26:47 -------- d-----w- C:\Users\AMY\AppData\Local\{19BB6AA2-4F2B-4272-908E-F997BCDCD009}
2011-11-25 14:07:46 -------- d-----w- C:\Users\AMY\AppData\Roaming\Malwarebytes
2011-11-25 14:07:26 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-25 14:07:22 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-11-25 14:07:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-23 14:08:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CA9F207-38E1-4966-A6A9-073E791B23B5}\offreg.dll
2011-11-22 13:20:27 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7CA9F207-38E1-4966-A6A9-073E791B23B5}\mpengine.dll
2011-11-21 13:10:22 -------- d-----w- C:\Users\AMY\AppData\Local\{1AFBCBB0-E9DA-4662-AC8D-85571FE486D0}
2011-11-21 13:10:04 -------- d-----w- C:\Users\AMY\AppData\Local\{346962D6-9D33-497A-A6A0-04C6E82A3F8C}
2011-11-20 13:14:43 -------- d-----w- C:\Users\AMY\AppData\Local\{CAEE3AEC-20F5-42BA-99F6-3B7483A13EE5}
2011-11-20 13:14:15 -------- d-----w- C:\Users\AMY\AppData\Local\{1E161D7D-2D2A-4A20-8239-15DE55C3229F}
2011-11-19 20:47:02 -------- d-----w- C:\ProgramData\Oberon Media
2011-11-19 20:47:02 -------- d-----w- C:\Program Files (x86)\Oberon Media
2011-11-19 20:46:40 -------- d-----w- C:\Users\AMY\AppData\Roaming\Oberon Media
2011-11-19 20:46:38 -------- d-----w- C:\ProgramData\GamesBar
2011-11-19 20:46:35 -------- d-----w- C:\Program Files (x86)\GamesBar
2011-11-19 20:46:29 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media
2011-11-19 20:41:20 -------- d-----w- C:\Users\AMY\AppData\Local\Oberon Media
2011-11-19 13:27:33 -------- d-----w- C:\Users\AMY\AppData\Local\{FDFBAC63-6F4B-4C23-8514-7F84E6FECB28}
2011-11-19 13:27:14 -------- d-----w- C:\Users\AMY\AppData\Local\{41495831-014B-4CF4-92A0-F7BC9A157B21}
2011-11-18 09:31:49 -------- d-----w- C:\Users\AMY\AppData\Local\{679BE491-2970-4EC6-95D3-ED6E811CFC44}
2011-11-18 09:31:29 -------- d-----w- C:\Users\AMY\AppData\Local\{16A24F18-BF46-47AB-980F-1FC7B956269C}
2011-11-14 12:34:42 -------- d-----w- C:\Users\AMY\AppData\Local\{2A817F2B-03C1-43AA-B386-F485B0086AA6}
2011-11-14 12:34:18 -------- d-----w- C:\Users\AMY\AppData\Local\{77AE9F90-584D-4D67-987C-F5F6BEF9529D}
2011-11-11 15:09:55 -------- d-----w- C:\Users\AMY\AppData\Local\{423F2727-32C7-445D-B7E6-EE5421305F04}
2011-11-11 15:09:25 -------- d-----w- C:\Users\AMY\AppData\Local\{E3E75840-27C5-4CA5-9C72-FAF54B802065}
2011-11-10 01:13:10 -------- d-----w- C:\Users\AMY\AppData\Local\{ECD8F859-2214-421F-8DD2-AC34E7295A9A}
2011-11-10 01:12:41 -------- d-----w- C:\Users\AMY\AppData\Local\{908A92A6-72B7-42C4-8B64-4CB8AF1FE7FC}
2011-11-09 13:28:30 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 13:28:29 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 13:28:27 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 13:28:23 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 14:03:18 -------- d-----w- C:\Users\AMY\AppData\Local\{5E292D4C-28BB-42CE-86FC-832CECB1F1DB}
2011-11-08 14:02:35 -------- d-----w- C:\Users\AMY\AppData\Local\{5FEC6BFC-5E88-42CB-A74A-531EDCFAEC91}
2011-11-07 12:48:40 -------- d-----w- C:\Users\AMY\AppData\Local\{B3C537F3-CAA7-4AA0-BF91-4A043989E9E8}
2011-11-07 12:47:40 -------- d-----w- C:\Users\AMY\AppData\Local\{4978AA9F-C5E1-4B5F-AD54-8BD9B9BAFB70}
2011-11-06 14:04:57 -------- d-----w- C:\Users\AMY\AppData\Local\{8AA7216C-1B70-4B31-BBC2-3F389E49AEBF}
2011-11-06 14:04:09 -------- d-----w- C:\Users\AMY\AppData\Local\{1F386B29-DE08-4875-8FA7-C145F6FA77FE}
2011-11-05 12:16:18 -------- d-----w- C:\Users\AMY\AppData\Local\{5DCD4145-5FFC-4B28-A96D-F8E127187F79}
2011-11-05 12:15:58 -------- d-----w- C:\Users\AMY\AppData\Local\{B898470B-55F1-4DE3-9596-96374B01D354}
2011-11-03 12:09:48 -------- d-----w- C:\Users\AMY\AppData\Local\{F87A6A0D-29CF-4EAF-967D-4D2177189DB4}
2011-11-01 12:54:22 -------- d-----w- C:\Users\AMY\AppData\Local\{34727880-DA31-41B8-B26C-6BEC7EDE9555}
2011-10-31 13:32:10 -------- d-----w- C:\Users\AMY\AppData\Local\{EE7888CC-3DDD-4BB4-9E6B-8CCAED55DB48}
2011-10-29 13:19:27 -------- d-----w- C:\Users\AMY\AppData\Local\{5D55A8DA-8C79-47A0-8237-201504B26A67}
2011-10-28 13:05:02 -------- d-----w- C:\Users\AMY\AppData\Local\{7489F5DC-18F1-4087-8824-0EC7AD636514}
.
==================== Find3M ====================
.
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 10:40:18.66 ===============


-----------------------------------------------------------------------------------------------------------------------------------


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/26/2011 3:37:51 PM
System Uptime: 11/25/2011 9:23:49 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 1604
Processor: AMD V140 Processor | Socket S1G4 | 782/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 215 GiB total, 158.557 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.491 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP121: 10/18/2011 8:23:41 AM - Windows Update
RP123: 10/21/2011 10:21:43 AM - Windows Update
RP124: 10/22/2011 8:59:10 AM - Installed Java™ 6 Update 22
RP125: 10/22/2011 9:00:55 AM - Installed OpenOffice.org 3.3
RP126: 10/22/2011 9:43:46 AM - Removed CinemaNow Media Manager.
RP127: 10/22/2011 9:47:50 AM - Removed Facebook Video Calling 1.0.0.8714
RP128: 10/22/2011 9:52:35 AM - Removed OpenOffice.org 3.3
RP129: 10/22/2011 9:57:56 AM - Removed RingtoneJunkiez Desktop
RP130: 10/22/2011 9:58:29 AM - Removed Norton Online Backup
RP131: 10/25/2011 8:31:56 PM - Windows Update
RP132: 10/26/2011 8:39:28 AM - Windows Update
RP133: 11/2/2011 9:34:22 AM - Windows Update
RP134: 11/8/2011 9:10:56 AM - Windows Update
RP135: 11/11/2011 8:29:07 AM - Windows Update
RP136: 11/15/2011 7:04:23 AM - Windows Update
RP137: 11/22/2011 8:19:21 AM - Windows Update
.
==== Installed Programs ======================
.
3 Days: Zoo Mystery
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Ancient Secrets: Mystery of the Vanishing Bride
Atheros Driver Installation Program
Bejeweled 3
Bing Rewards Client Installer
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Cinema Tycoon
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Clueless
Coupon Printer for Windows
Crazy Chicken Kart 2
CyberLink DVD Suite
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink YouCam
D3DX10
DealRunner 1.25
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Dream Day Wedding
Energy Star Digital Logo
Escape Rosecliff Island
ESU for Microsoft Windows 7
Family Mystery - The Story of Amy
Final Drive Nitro
Fish Tycoon
FlipShare
Freeze.com NetAssistant
FrostWire 5.1.5
GamesBar 2.0.1.82
Golden Trails 2: The Lost Legacy Collector's Edition
Google Toolbar for Internet Explorer
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.1.0
HP Advisor
HP Customer Experience Enhancements
HP Deskjet 1000 J110 series Help
HP Documentation
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
HP Update
I SPY Treasure Hunt
Jane's Realty 2
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 26
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Lemonade Tycoon 2
Letters from Nowhere 2
Magic Life
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Midnight Mysteries: Devil on the Mississippi
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Oasis
Mystery Case Files - Prime Suspects (remove only)
Mysteryville
Nancy Drew: Secrets Can Kill Remastered
NetAssistant
Norton Internet Security
Penguins!
Phantasmat
PhotoNow!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Port Royale 2
Power2Go
PowerDirector
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Recovery Manager
Ride! Carnival Tycoon
RollerCoaster Tycoon 3
RollerCoaster Tycoon 3: Platinum
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Supermarket Mania 2
Trapped - The Abduction
Travel Agency
Tropical Fish Shop 2
Unlikely Suspects
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update Installer for WildTangent Games App
VideoScavenger
Virtual Families
Virtual Villagers - The Secret City
Virtual Villagers 4 - The Tree of Life
VLC media player 1.1.10
Voodoo Whisperer: Curse of a Legend
Webroot Software
Wheel of Fortune 2
Wildlife Camp
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Messenger
Yahoo! Software Update
Zoo Empire
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/25/2011 8:02:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
11/23/2011 9:05:55 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
11/22/2011 8:11:08 AM, Error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2011 9:58:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FlipShare Service service.
11/21/2011 8:08:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
11/21/2011 8:08:39 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 8:08:39 AM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/21/2011 8:08:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
11/20/2011 12:38:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/20/2011 10:15:39 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/19/2011 10:53:53 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WebrootSpySweeperService service.
.
==== End Of File ===========================

#2 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 12:03 AM

Hey, how many sisters with infected computers do you have?....LOL

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Posted Image Posted Image


#3 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 26 November 2011 - 01:23 AM

Lol, 2 sisters, but this is the same sister that has the desktop with bad ram too. About to head out to the store soon for a ram chip for that. But heres your combo log,

ComboFix 11-11-25.02 - AMY 11/25/2011 19:16:49.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.990 [GMT -5:00]
Running from: c:\users\AMY\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\VIDEOS~2\bar\1.bin\1eBAr.dll
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\program files (x86)\TelevisionFanaticEI
c:\program files (x86)\VideoScavenger_1e\bar\1.bin\1eBAr.dll
c:\program files (x86)\VideoScavenger_1e\bar\1.bin\1eSRcas.dll
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\users\AMY\AppData\Roaming\.#
.
.
((((((((((((((((((((((((( Files Created from 2011-10-26 to 2011-11-26 )))))))))))))))))))))))))))))))
.
.
2011-11-26 00:43 . 2011-11-26 00:43 0 ----a-w- c:\windows\SysWow64\shoA99F.tmp
2011-11-26 00:38 . 2011-11-26 00:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-25 19:56 . 2011-11-26 00:50 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C5AF203-1C3D-43B5-B37F-C4CB73C34473}\offreg.dll
2011-11-25 19:56 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C5AF203-1C3D-43B5-B37F-C4CB73C34473}\mpengine.dll
2011-11-25 16:24 . 2011-11-25 16:24 -------- d-----w- c:\users\AMY\AppData\Roaming\Panda Security
2011-11-25 16:20 . 2011-11-25 16:20 -------- d-----w- c:\program files (x86)\Toolbar Cleaner
2011-11-25 16:20 . 2011-11-25 16:24 -------- d-----w- c:\users\AMY\AppData\Local\panda2_0dn
2011-11-25 16:20 . 2011-11-26 00:47 -------- d-----w- c:\programdata\Panda Security URL Filtering
2011-11-25 16:19 . 2011-11-25 16:20 -------- d-----w- c:\program files (x86)\Panda Security
2011-11-25 16:19 . 2011-11-25 16:19 -------- d-----w- c:\programdata\Panda Security
2011-11-25 16:18 . 2011-11-25 16:19 -------- d-----w- C:\temp
2011-11-25 14:07 . 2011-11-25 14:07 -------- d-----w- c:\users\AMY\AppData\Roaming\Malwarebytes
2011-11-25 14:07 . 2011-11-25 14:07 -------- d-----w- c:\programdata\Malwarebytes
2011-11-25 14:07 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 14:07 . 2011-11-25 14:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-19 20:47 . 2011-11-19 20:47 -------- d-----w- c:\programdata\Oberon Media
2011-11-19 20:47 . 2011-11-19 20:47 -------- d-----w- c:\program files (x86)\Oberon Media
2011-11-19 20:46 . 2011-11-19 20:47 -------- d-----w- c:\users\AMY\AppData\Roaming\Oberon Media
2011-11-19 20:46 . 2011-11-19 20:46 -------- d-----w- c:\programdata\GamesBar
2011-11-19 20:46 . 2011-11-19 20:47 -------- d-----w- c:\program files (x86)\GamesBar
2011-11-19 20:46 . 2011-11-19 20:46 -------- d-----w- c:\program files (x86)\Common Files\Oberon Media
2011-11-19 20:41 . 2011-11-19 20:41 -------- d-----w- c:\users\AMY\AppData\Local\Oberon Media
2011-11-09 13:28 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 13:28 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:28 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-10-31 19:52 . 2011-10-31 19:52 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 05:24 . 2011-10-14 11:38 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-14 11:38 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-14 11:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-14 11:38 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-14 11:38 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-14 11:38 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
"SearchEngineProtection"="c:\program files (x86)\Gamesbar\SearchEngineProtection.exe" [2011-03-03 591248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-06-30 602168]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"VideoScavenger_1e Browser Plugin Loader"="c:\progra~2\VIDEOS~2\bar\1.bin\1ebrmon.exe" [2011-05-07 27648]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2011-06-29 217256]
.
c:\users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RollerCoaster Tycoon 3 Registration.lnk - c:\users\AMY\AppData\Local\Temp\{FC9EBBE7-17AB-45BD-9BB6-9B6940A139AC}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe [N/A]
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 136176]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-06-30 27192]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 VideoScavenger_1eService;VideoScavenger Service;c:\progra~2\VIDEOS~2\bar\1.bin\1ebarsvc.exe [2011-05-07 36864]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 12:56]
.
2011-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-27 12:56]
.
2011-11-14 c:\windows\Tasks\HPCeeScheduleForAMY.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-20 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 10.128.128.128
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - c:\program files (x86)\VideoScavenger_1e\bar\1.bin\1eSrcAs.dll
Toolbar-10 - (no file)
Toolbar-10 - (no file)
Toolbar-!{acf7da4c-eeb2-484a-a3a1-303d4054d50c} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{C98D5B61-B0EA-4D48-9839-1079D352D880}"=hex:51,66,7a,6c,4c,1d,38,12,0f,58,9e,
cd,d8,fe,26,08,e7,2f,53,39,d6,0c,9c,94
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{5D79F641-C168-40DF-A32F-BACEA7509E75}"=hex:51,66,7a,6c,4c,1d,38,12,2f,f5,6a,
59,5a,8f,b1,05,dc,39,f9,8e,a2,0e,da,61
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{C6549209-1FF1-4A5C-A815-981F64F34B19}"=hex:51,66,7a,6c,4c,1d,38,12,67,91,47,
c2,c3,51,32,0f,d7,03,db,5f,61,ad,0f,0d
"{CB41FC95-F1B3-4797-8BB6-1012FF62ABBA}"=hex:51,66,7a,6c,4c,1d,38,12,fb,ff,52,
cf,81,bf,f9,02,f4,a0,53,52,fa,3c,ef,ae
"{D047FE10-DFE2-45CF-9FBF-966B9E64920F}"=hex:51,66,7a,6c,4c,1d,38,12,7e,fd,54,
d4,d0,91,a1,00,e0,a9,d5,2b,9b,3a,d6,1b
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=hex:51,66,7a,6c,4c,1d,38,12,e0,a3,9c,
e7,58,bb,07,04,d4,e3,1f,31,e6,9f,17,b5
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:80,0a,3c,61,41,34,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe
c:\program files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2011-11-25 20:16:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-26 01:16
.
Pre-Run: 171,426,553,856 bytes free
Post-Run: 172,147,650,560 bytes free
.
- - End Of File - - C2F77893301FE0A843B2A9248E1DE2CD

#4 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 02:06 AM

It looks good now.

How is computer doing?

BTW charge her 5 bucks for every new TOOLBAR you'll find installed on her computer...LOL

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Posted Image Posted Image


#5 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 26 November 2011 - 02:30 AM

Running better now, LoL

OTL logfile created on: 11/25/2011 9:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\AMY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.79% Memory free
3.49 Gb Paging File | 2.23 Gb Available in Paging File | 63.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.36 Gb Total Space | 160.39 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: AMY-HP | User Name: AMY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/25 21:12:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\AMY\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 09:29:44 | 000,217,256 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/07 13:55:05 | 000,036,864 | ---- | M] (VideoScavenger) -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe
PRC - [2011/05/07 13:55:05 | 000,027,648 | ---- | M] (VideoScavenger) -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/03/03 09:33:48 | 000,591,248 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2010/12/15 15:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
PRC - [2010/12/15 15:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/02 11:14:22 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/06/29 21:00:08 | 000,027,192 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/06/29 20:58:04 | 000,602,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/18 07:58:36 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/15 12:02:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/15 12:01:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 12:01:53 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/15 12:01:37 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/15 12:00:28 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/15 12:00:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/15 12:00:03 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/15 11:59:57 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/15 11:59:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/15 11:59:22 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/09 19:08:25 | 000,036,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/09 20:58:30 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2010/02/09 20:58:28 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2010/02/09 20:58:24 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2010/02/09 20:58:24 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2010/02/09 20:58:22 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2010/02/09 20:58:22 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2010/02/09 20:58:18 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2010/02/09 20:58:14 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/24 17:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Stopped] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
SRV:64bit: - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/17 11:59:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/07 13:55:05 | 000,036,864 | ---- | M] (VideoScavenger) [Auto | Running] -- C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebarsvc.exe -- (VideoScavenger_1eService)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/12/15 15:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 15:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/29 21:00:08 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/07/05 12:12:46 | 000,160,520 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2011/04/28 13:57:43 | 000,128,072 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2011/04/28 13:57:43 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2011/04/28 13:57:42 | 000,149,576 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2011/04/28 13:57:42 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2011/02/22 14:17:34 | 002,736,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/02 11:14:48 | 000,032,880 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/17 12:07:42 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/06/17 11:10:34 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/22 20:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/22 20:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/12/22 05:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/10/07 21:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 21:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/08/23 20:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1


IE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - SOFTWARE\Classes\CLSID\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6}\InprocServer32 File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - SOFTWARE\Classes\CLSID\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6}\InprocServer32 File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@VideoScavenger_1e.com/Plugin: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\NP1eStub.dll (VideoScavenger)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1effxtbr@VideoScavenger_1e.com: C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin [2011/11/25 19:30:47 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/11/25 19:45:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
O3 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoScavenger_1e Browser Plugin Loader] C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ebrmon.exe (VideoScavenger)
O4 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\Gamesbar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.128.128.128
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F829F085-FC56-4DDC-996F-45BBF8054C8C}: DhcpNameServer = 10.128.128.128
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/25 21:12:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\AMY\Desktop\OTL.exe
[2011/11/25 19:38:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/25 19:13:59 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/25 19:13:59 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/25 19:13:59 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/25 19:13:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/25 19:12:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/25 19:10:17 | 004,307,453 | R--- | C] (Swearware) -- C:\Users\AMY\Desktop\ComboFix.exe
[2011/11/25 16:34:41 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{EA722C17-E060-41E0-ADA5-0064020D1527}
[2011/11/25 16:34:26 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{01D3518D-85AD-46C7-BAB0-9388DBE8FA3B}
[2011/11/25 11:24:21 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Roaming\Panda Security
[2011/11/25 11:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2011/11/25 11:20:57 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\panda2_0dn
[2011/11/25 11:20:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2011/11/25 11:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2011/11/25 11:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011/11/25 11:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2011/11/25 11:18:39 | 000,000,000 | ---D | C] -- C:\temp
[2011/11/25 11:11:23 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{49D48FEA-2CBD-4DD2-8119-F386B21F8705}
[2011/11/25 11:10:43 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{15399D6F-F277-4CC3-B719-02A59865B3D5}
[2011/11/25 10:58:17 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{4F5437A9-A35B-4F4F-87D4-1AA022E853D3}
[2011/11/25 10:57:39 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{3DDAE270-0E2A-496E-AB10-1F90970747EF}
[2011/11/25 09:35:48 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\AMY\Desktop\dds.scr
[2011/11/25 09:35:26 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\AMY\Desktop\aswMBR.exe
[2011/11/25 09:27:25 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{B24BFC29-ECDF-4C01-9C79-238712A096E2}
[2011/11/25 09:26:47 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{19BB6AA2-4F2B-4272-908E-F997BCDCD009}
[2011/11/25 09:07:46 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Roaming\Malwarebytes
[2011/11/25 09:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/25 09:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/25 09:07:22 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/11/25 09:07:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/11/21 08:10:22 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{1AFBCBB0-E9DA-4662-AC8D-85571FE486D0}
[2011/11/21 08:10:04 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{346962D6-9D33-497A-A6A0-04C6E82A3F8C}
[2011/11/20 08:14:43 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{CAEE3AEC-20F5-42BA-99F6-3B7483A13EE5}
[2011/11/20 08:14:15 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{1E161D7D-2D2A-4A20-8239-15DE55C3229F}
[2011/11/19 15:47:19 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2011/11/19 15:47:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[2011/11/19 15:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2011/11/19 15:47:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oberon Media
[2011/11/19 15:46:40 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Roaming\Oberon Media
[2011/11/19 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
[2011/11/19 15:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\GamesBar
[2011/11/19 15:46:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesBar
[2011/11/19 15:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Oberon Media
[2011/11/19 15:41:20 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\Oberon Media
[2011/11/19 08:27:33 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{FDFBAC63-6F4B-4C23-8514-7F84E6FECB28}
[2011/11/19 08:27:14 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{41495831-014B-4CF4-92A0-F7BC9A157B21}
[2011/11/18 04:31:49 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{679BE491-2970-4EC6-95D3-ED6E811CFC44}
[2011/11/18 04:31:29 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{16A24F18-BF46-47AB-980F-1FC7B956269C}
[2011/11/14 07:34:42 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{2A817F2B-03C1-43AA-B386-F485B0086AA6}
[2011/11/14 07:34:18 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{77AE9F90-584D-4D67-987C-F5F6BEF9529D}
[2011/11/11 10:09:55 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{423F2727-32C7-445D-B7E6-EE5421305F04}
[2011/11/11 10:09:25 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{E3E75840-27C5-4CA5-9C72-FAF54B802065}
[2011/11/09 20:13:10 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{ECD8F859-2214-421F-8DD2-AC34E7295A9A}
[2011/11/09 20:12:41 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{908A92A6-72B7-42C4-8B64-4CB8AF1FE7FC}
[2011/11/08 09:03:18 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{5E292D4C-28BB-42CE-86FC-832CECB1F1DB}
[2011/11/08 09:02:35 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{5FEC6BFC-5E88-42CB-A74A-531EDCFAEC91}
[2011/11/07 07:48:40 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{B3C537F3-CAA7-4AA0-BF91-4A043989E9E8}
[2011/11/07 07:47:40 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{4978AA9F-C5E1-4B5F-AD54-8BD9B9BAFB70}
[2011/11/06 09:04:57 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{8AA7216C-1B70-4B31-BBC2-3F389E49AEBF}
[2011/11/06 09:04:09 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{1F386B29-DE08-4875-8FA7-C145F6FA77FE}
[2011/11/05 07:16:18 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{5DCD4145-5FFC-4B28-A96D-F8E127187F79}
[2011/11/05 07:15:58 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{B898470B-55F1-4DE3-9596-96374B01D354}
[2011/11/03 07:09:48 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{F87A6A0D-29CF-4EAF-967D-4D2177189DB4}
[2011/11/01 07:54:22 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{34727880-DA31-41B8-B26C-6BEC7EDE9555}
[2011/10/31 14:52:44 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/10/31 08:32:10 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{EE7888CC-3DDD-4BB4-9E6B-8CCAED55DB48}
[2011/10/29 08:19:27 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{5D55A8DA-8C79-47A0-8237-201504B26A67}
[2011/10/28 08:05:02 | 000,000,000 | ---D | C] -- C:\Users\AMY\AppData\Local\{7489F5DC-18F1-4087-8824-0EC7AD636514}
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/25 21:12:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\AMY\Desktop\OTL.exe
[2011/11/25 20:30:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/25 20:29:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/25 19:55:43 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 19:55:43 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/25 19:45:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/25 19:44:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/25 19:44:25 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 19:11:31 | 004,307,453 | R--- | M] (Swearware) -- C:\Users\AMY\Desktop\ComboFix.exe
[2011/11/25 11:20:27 | 000,000,276 | ---- | M] () -- C:\Windows\SysNative\PSUNCpl.dat
[2011/11/25 10:49:41 | 000,920,384 | ---- | M] () -- C:\Users\AMY\Desktop\Norton_Removal_Tool.exe
[2011/11/25 10:46:36 | 000,711,320 | ---- | M] () -- C:\Users\AMY\Desktop\PandaCloudAntivirus.exe
[2011/11/25 10:33:36 | 000,000,512 | ---- | M] () -- C:\Users\AMY\Desktop\MBR.dat
[2011/11/25 09:35:52 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\AMY\Desktop\dds.scr
[2011/11/25 09:35:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\AMY\Desktop\aswMBR.exe
[2011/11/25 09:33:39 | 000,302,592 | ---- | M] () -- C:\Users\AMY\Desktop\nsomnnt2.exe
[2011/11/25 09:07:31 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/19 15:47:21 | 000,001,160 | ---- | M] () -- C:\Users\AMY\Desktop\Pogo Games.lnk
[2011/11/19 15:47:19 | 000,002,127 | ---- | M] () -- C:\Users\AMY\Desktop\Dream Day Wedding.lnk
[2011/11/14 07:32:23 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAMY.job
[2011/11/11 14:36:18 | 000,000,337 | ---- | M] () -- C:\Users\AMY\Documents\bank ref number nov one one.rtf
[2011/11/11 10:14:48 | 000,727,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/11 10:14:48 | 000,624,856 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/11 10:14:48 | 000,106,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/11 10:06:00 | 000,304,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/25 19:13:59 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/25 19:13:59 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/25 19:13:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/25 19:13:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/25 19:13:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/25 11:20:27 | 000,000,276 | ---- | C] () -- C:\Windows\SysNative\PSUNCpl.dat
[2011/11/25 10:49:41 | 000,920,384 | ---- | C] () -- C:\Users\AMY\Desktop\Norton_Removal_Tool.exe
[2011/11/25 10:46:35 | 000,711,320 | ---- | C] () -- C:\Users\AMY\Desktop\PandaCloudAntivirus.exe
[2011/11/25 10:33:36 | 000,000,512 | ---- | C] () -- C:\Users\AMY\Desktop\MBR.dat
[2011/11/25 09:33:37 | 000,302,592 | ---- | C] () -- C:\Users\AMY\Desktop\nsomnnt2.exe
[2011/11/25 09:07:31 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/19 15:47:21 | 000,001,160 | ---- | C] () -- C:\Users\AMY\Desktop\Pogo Games.lnk
[2011/11/19 15:47:18 | 000,002,127 | ---- | C] () -- C:\Users\AMY\Desktop\Dream Day Wedding.lnk
[2011/11/11 14:36:18 | 000,000,337 | ---- | C] () -- C:\Users\AMY\Documents\bank ref number nov one one.rtf
[2011/09/20 18:32:36 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/08/01 18:10:23 | 000,000,365 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/05/01 08:43:04 | 000,003,584 | ---- | C] () -- C:\Users\AMY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 20:45:42 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/25 18:47:02 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/03/20 23:05:26 | 000,001,854 | ---- | C] () -- C:\Users\AMY\AppData\Roaming\GhostObjGAFix.xml
[2010/12/29 03:49:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/12/29 03:42:20 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/29 03:41:49 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/12/29 03:41:49 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/07/10 23:40:02 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/07/10 22:36:59 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\HP Documentation.ini
[2010/02/09 20:58:12 | 000,012,800 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/04/25 17:02:44 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\3 Days Zoo Mystery
[2011/06/11 07:06:45 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Ascaron Entertainment
[2011/05/23 16:14:30 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Atari
[2011/05/10 18:49:56 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Awem
[2011/08/13 17:42:11 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2011/05/01 08:42:40 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Flip Video
[2011/03/16 20:41:02 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\funkitron
[2011/09/24 14:23:55 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Funswitch
[2011/03/31 21:58:10 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\GestaltGames
[2011/03/31 21:33:49 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\iWin
[2011/05/23 14:33:55 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Leadertech
[2011/05/01 11:49:42 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Meridian93
[2011/11/19 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Oberon Media
[2011/11/25 11:24:21 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Panda Security
[2011/03/17 20:30:13 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Phantasmat_wildgames_se
[2011/03/29 17:50:11 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Scholastic
[2011/10/12 19:30:04 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\SoftGrid Client
[2011/03/15 19:37:46 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Supermarket Mania 2
[2011/03/27 18:12:54 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\TFS2
[2011/03/25 18:36:35 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Three Rings Design
[2011/04/18 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\TP
[2011/08/25 09:25:14 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\WhiteSmoke
[2011/03/29 21:10:13 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\WildTangentv1002
[2011/06/22 13:48:39 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\Windows Live Writer
[2011/07/04 09:04:37 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/11/25 20:16:37 | 000,021,043 | ---- | M] () -- C:\ComboFix.txt
[2011/11/25 19:44:25 | 1405,276,160 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/25 19:44:31 | 1873,702,912 | -HS- | M] () -- C:\pagefile.sys
[2011/03/20 16:49:50 | 000,002,530 | ---- | M] () -- C:\RHDSetup.log
[2011/04/03 15:54:05 | 000,000,185 | ---- | M] () -- C:\setup.log

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/06/25 12:46:14 | 000,000,304 | -HS- | M] () -- C:\Users\AMY\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/25 09:35:28 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\AMY\Desktop\aswMBR.exe
[2011/11/25 19:11:31 | 004,307,453 | R--- | M] (Swearware) -- C:\Users\AMY\Desktop\ComboFix.exe
[2011/11/25 10:49:41 | 000,920,384 | ---- | M] () -- C:\Users\AMY\Desktop\Norton_Removal_Tool.exe
[2011/11/25 09:33:39 | 000,302,592 | ---- | M] () -- C:\Users\AMY\Desktop\nsomnnt2.exe
[2011/11/25 21:12:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\AMY\Desktop\OTL.exe
[2011/11/25 10:46:36 | 000,711,320 | ---- | M] () -- C:\Users\AMY\Desktop\PandaCloudAntivirus.exe
[2011/02/26 15:55:38 | 002,146,264 | ---- | M] (Webroot Software, Inc. ) -- C:\Users\AMY\Desktop\WRInstallBestBuy_93249.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/06/25 12:35:47 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/06/25 12:35:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/06/25 12:35:45 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/06/25 12:35:46 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/06/25 12:35:45 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/06/25 12:35:47 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/06/25 12:46:11 | 000,000,402 | -HS- | M] () -- C:\Users\AMY\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/12/29 03:54:20 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010/07/10 22:25:57 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010/12/29 03:53:48 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010/07/10 22:20:29 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010/12/29 03:53:25 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010/12/29 03:54:06 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010/07/10 22:19:22 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2010/07/10 22:25:14 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010/12/29 03:54:36 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:993F0BCE
< End of report >

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 11/25/2011 9:16:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\AMY\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 48.79% Memory free
3.49 Gb Paging File | 2.23 Gb Available in Paging File | 63.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215.36 Gb Total Space | 160.39 Gb Free Space | 74.47% Space Free | Partition Type: NTFS
Drive D: | 17.22 Gb Total Space | 2.49 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: AMY-HP | User Name: AMY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4EA22C1C-88E5-4544-A4E3-70B8728A0152}" = HP Deskjet 1000 J110 series Product Improvement Study
"{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5ECBB161-A79A-4598-81DA-C6E1633B395C}" = HP Deskjet 1000 J110 series Basic Device Software
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers 1.10.01
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{C01AE65A-8874-3A33-BE03-23F8516A0350}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{ECD0D4B5-FFA9-6E1B-A08D-58E82EA5EEB9}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0190D9DE-6D57-7727-861E-D4BEA111D86B}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A785656-433A-0575-8C5D-A8EAE05329CA}" = CCC Help Thai
"{0AD77FFC-874E-9AAE-6A76-549DFEB17849}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CD58F4F-B339-4B81-FAD4-2BF9E3590F60}" = CCC Help Czech
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = Roxio CinemaNow 2.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A47631D-8875-7993-476D-130C5D41D101}" = CCC Help Spanish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{28749552-9DBD-1D10-A894-6079282C941F}" = CCC Help German
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30F4D459-824A-498C-826C-7721B777207F}" = Catalyst Control Center - Branding
"{32BA2A6E-6C61-0347-8958-7B2113982A55}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C66EECF-8143-55D4-774A-309A59230A92}" = Catalyst Control Center Graphics Full Existing
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54372041-9715-DE87-F84E-B0995D7567C6}" = CCC Help Chinese Traditional
"{5D6A4F95-49B5-0FC4-81CF-18176000B235}" = Catalyst Control Center Graphics Full New
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3650CA-7104-5DF0-E7EC-290CEC529AF8}" = CCC Help Korean
"{6EFDBA50-4ABE-4194-86F7-F3BD0A011F5B}_is1" = DealRunner 1.25
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{76B344A5-F756-0107-3559-1D97F9B316DC}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C36414C-DC87-4943-A525-BC1717BA17C9}" = HP Documentation
"{7CA09975-C4BE-469D-E45F-E47E9391106B}" = CCC Help Dutch
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81ADC365-6BA4-E757-81DA-BC9DC12DD291}" = Catalyst Control Center InstallProxy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FA97A48-D942-AE67-D901-7C4136CC9DFD}" = CCC Help Danish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MediaSmart CinemaNow 2.0
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{920E9471-FF68-680F-537C-F21777E53D31}" = CCC Help Turkish
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9ECF7817-DB11-4FBA-9DF1-296A578D513A}" = Adobe Shockwave Player 11.5
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A4E828B6-FE61-E279-A174-F5323931400B}" = CCC Help Finnish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6BEB695-166D-E268-8AA2-A243F615D0BA}" = CCC Help Japanese
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C21A705D-D992-204F-8A2A-C31F490F502F}" = CCC Help Greek
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{c6c214df-2922-4809-94aa-f4d67d4451ec}" = Music Oasis
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CAA10DB8-E20C-9192-38F9-1F5399EA2DB7}" = CCC Help Italian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CD184A27-1174-E497-189A-0CA5DB56BC97}" = CCC Help Chinese Standard
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3A451EE-219D-F373-5152-8C4760278628}" = Catalyst Control Center Graphics Light
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5959B62-9515-8DC9-ED0B-1680210AAC3E}" = CCC Help English
"{DA9481F2-D8A1-CC1D-4A8E-22854E60C6EB}" = Catalyst Control Center Localization All
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help
"{DE2B9A3D-976F-BE70-7557-52EE82BAB1C6}" = CCC Help French
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E342D296-DB9D-4FC7-ACB0-39926C0BFA16}" = HP Quick Launch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9F950D9-A469-644E-3977-31F2963AEE23}" = CCC Help Swedish
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6CEC68-1D49-5BCB-57B4-CD128E242356}" = CCC Help Hungarian
"{EDE97402-4A1F-2D15-FDB4-5620C57A9BA5}" = Catalyst Control Center Graphics Previews Common
"{F08A7C44-17FC-ED74-831E-5BCA9D5B77AD}" = ccc-core-static
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1224610-A17E-4E65-560A-D56B963D650D}" = CCC Help Russian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7C81FF0-8624-8C6E-D28D-CF68DFE7AE8C}" = Catalyst Control Center Graphics Previews Vista
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"FrostWire 5" = FrostWire 5.1.5
"GamesBar" = GamesBar 2.0.1.82
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"RideCarnivalTycoon" = Ride! Carnival Tycoon
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"VideoScavenger_1ebar Uninstall" = VideoScavenger
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087335" = Build-a-lot 2
"WT087342" = Dora's Carnival Adventure
"WT087360" = Escape Rosecliff Island
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087513" = Virtual Villagers - The Secret City
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WTA-0243b689-869f-44b2-8f89-940617e97fa9" = Letters from Nowhere 2
"WTA-146a6669-28cc-4075-bf11-4779a1c77dea" = Trapped - The Abduction
"WTA-162b9fdc-5705-4758-a340-c063fea28a0d" = Magic Life
"WTA-18acc77d-0e7b-4f41-878a-c53230af321b" = RollerCoaster Tycoon 3: Platinum
"WTA-26d436b9-6feb-4134-b429-0f757cee71c3" = Bejeweled 3
"WTA-37753e72-9a4f-4349-8836-3127bfbe7b54" = Wildlife Camp
"WTA-38542283-2397-4b73-ba50-97cd81a8762b" = Phantasmat
"WTA-3c40d273-6b62-4ec6-bb55-9ac49f5c72e7" = Travel Agency
"WTA-52d902c1-59af-49b1-b283-6003d92c6648" = 3 Days: Zoo Mystery
"WTA-5ac88df1-10fc-4017-91e8-1e16c2a16aa6" = Crazy Chicken Kart 2
"WTA-607ea2df-670f-4fde-a1f1-ff5db888ddfc" = Jane's Realty 2
"WTA-63158711-d44a-4259-ad2d-c4a41564e982" = Supermarket Mania 2
"WTA-636e6923-d84c-4bee-99d3-119e6fe92a29" = Mysteryville
"WTA-65def063-5301-4c93-9c50-e440f84ed9e8" = Tropical Fish Shop 2
"WTA-72979307-6d06-43ac-aeb6-7fa139d2d14a" = Voodoo Whisperer: Curse of a Legend
"WTA-7c4cb896-3eb7-46f3-aefc-0a80825b4277" = Fish Tycoon
"WTA-7d9b9864-96d3-44f5-b631-223a786e7781" = Port Royale 2
"WTA-83cd743e-7f31-48b5-b20d-10737345ad9f" = Clueless
"WTA-8410acf4-08a1-452f-82b5-5214dfa341ea" = Ancient Secrets: Mystery of the Vanishing Bride
"WTA-a836ae5c-71ef-4ac2-95fd-faf14e4e03b0" = Virtual Villagers 4 - The Tree of Life
"WTA-ac12b7b1-ee55-456e-8a41-d9f68b4778d4" = Lemonade Tycoon 2
"WTA-aea34794-a7ce-4b48-b396-433570cd4ae4" = Zoo Empire
"WTA-afe6161d-07aa-4cae-82f6-77cbe960db0b" = Nancy Drew: Secrets Can Kill Remastered
"WTA-b50ce0a2-f8df-4fb5-9333-488e44c1e57a" = I SPY Treasure Hunt
"WTA-c39bdf9a-09ad-4856-80d8-05fd9d500f34" = Cinema Tycoon
"WTA-ca6baa40-552b-40cb-a179-9fc6525c30ca" = Midnight Mysteries: Devil on the Mississippi
"WTA-cae84498-f4e0-4bdf-8544-8a5767d6061f" = Golden Trails 2: The Lost Legacy Collector's Edition
"WTA-e02b5cb9-0247-47e5-bbdf-f91d7306a3dc" = Unlikely Suspects
"WTA-f427d9ff-192b-4833-b6a0-9c170ad0cec9" = Family Mystery - The Story of Amy
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1139084311-1459039836-2272109428-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2011 8:41:53 AM | Computer Name = AMY-HP | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: d7c Start
Time: 01cc924a1c4774a4 Termination Time: 64 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 10/24/2011 9:21:22 AM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7601.17514,
time stamp: 0x4ce7af1a Faulting module name: SHELL32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9a6 Exception code: 0xc0000005 Fault offset: 0x0000000000208f84
Faulting
process id: 0x1728 Faulting application start time: 0x01cc924f706b3095 Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 10819fb4-fe43-11e0-8199-78acc03ea084

Error - 10/26/2011 8:39:10 AM | Computer Name = AMY-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: HTTP status 403: The client does not have sufficient access
rights to the requested server object.

Error - 10/29/2011 10:24:50 AM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: comctl32.dll, version: 6.10.7601.17514,
time stamp: 0x4ce7b71c Exception code: 0xc0000005 Fault offset: 0x000ab1ff Faulting
process id: 0x1628 Faulting application start time: 0x01cc963f65469f08 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Report
Id: c28edef3-0239-11e1-9d51-78acc03ea084

Error - 10/29/2011 10:25:08 AM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: comctl32.dll, version: 6.10.7601.17514,
time stamp: 0x4ce7b71c Exception code: 0xc000041d Fault offset: 0x000ab1ff Faulting
process id: 0x1628 Faulting application start time: 0x01cc963f65469f08 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Report
Id: cd5271cb-0239-11e1-9d51-78acc03ea084

Error - 10/31/2011 7:55:00 PM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7601.17514,
time stamp: 0x4ce7af1a Faulting module name: SHELL32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9a6 Exception code: 0xc0000005 Fault offset: 0x0000000000208f84
Faulting
process id: 0x12a0 Faulting application start time: 0x01cc98281733a82c Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: be022d6a-041b-11e1-9449-78acc03ea084

Error - 10/31/2011 8:04:42 PM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7601.17514,
time stamp: 0x4ce7af1a Faulting module name: SHELL32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9a6 Exception code: 0xc0000005 Fault offset: 0x0000000000208f84
Faulting
process id: 0x120c Faulting application start time: 0x01cc98294ae68c2d Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 1917c778-041d-11e1-9449-78acc03ea084

Error - 11/1/2011 9:08:33 AM | Computer Name = AMY-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: HTTP status 403: The client does not have sufficient access
rights to the requested server object.

Error - 11/2/2011 1:27:03 PM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: comctl32.dll, version: 6.10.7601.17514,
time stamp: 0x4ce7b71c Exception code: 0xc0000005 Fault offset: 0x000ab1ff Faulting
process id: 0xc64 Faulting application start time: 0x01cc99629d73f3f7 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
Report
Id: e08c194c-0577-11e1-bde9-78acc03ea084

Error - 11/3/2011 9:40:14 AM | Computer Name = AMY-HP | Source = Application Error | ID = 1000
Description = Faulting application name: PhotoScreensaver.scr, version: 6.1.7601.17514,
time stamp: 0x4ce7af1a Faulting module name: SHELL32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c9a6 Exception code: 0xc0000005 Fault offset: 0x0000000000208f84
Faulting
process id: 0x1710 Faulting application start time: 0x01cc9a2d9b6a2553 Faulting application
path: C:\Windows\system32\PhotoScreensaver.scr Faulting module path: C:\Windows\system32\SHELL32.dll
Report
Id: 5b7ab0ba-0621-11e1-b053-78acc03ea084

[ Hewlett-Packard Events ]
Error - 10/16/2011 9:42:14 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 9:46:27 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 9:47:22 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 9:48:46 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 11:02:09 AM | Computer Name = AMY-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 10/16/2011 11:05:55 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 11:06:18 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 11:06:37 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/16/2011 11:07:20 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 10/23/2011 11:27:41 AM | Computer Name = AMY-HP | Source = HPSF.exe | ID = 4000
Description =

[ HP Wireless Assistant Events ]
Error - 2/27/2011 3:39:07 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/27/2011 3:40:15 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/27/2011 3:41:23 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/27/2011 3:42:31 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/27/2011 3:43:38 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 2/27/2011 3:44:46 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/1/2011 5:35:37 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 4/5/2011 8:29:34 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 4/9/2011 1:21:23 PM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get() at HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) at HPPA_Service.CurrentConfiguration.<ApplyFriendlyNames>b__23(RadioHardware
radio) at System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() at System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext()
at HPPA_Service.CurrentConfiguration.ApplyFriendlyNames() at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 6/24/2011 11:59:16 AM | Computer Name = AMY-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Call was canceled by the
message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) at
System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode,
IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Media Center Events ]
Error - 3/23/2011 10:36:48 PM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 7:34:43 PM - Error connecting to the internet. 7:34:43 PM - Unable
to contact server..

Error - 3/25/2011 10:54:39 PM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 7:54:30 PM - Error connecting to the internet. 7:54:31 PM - Unable
to contact server..

Error - 3/25/2011 11:54:55 PM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 8:54:49 PM - Error connecting to the internet. 8:54:49 PM - Unable
to contact server..

Error - 4/10/2011 10:51:39 AM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 7:51:39 AM - Error connecting to the internet. 7:51:39 AM - Unable
to contact server..

Error - 4/10/2011 10:51:56 AM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 7:51:46 AM - Error connecting to the internet. 7:51:46 AM - Unable
to contact server..

Error - 4/27/2011 10:37:49 PM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 7:35:33 PM - Failed to retrieve SportsSchedule (Error: The remote
name could not be resolved: 'data.tvdownload.microsoft.com')

Error - 4/28/2011 11:43:40 AM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 8:43:40 AM - Error connecting to the internet. 8:43:40 AM - Unable
to contact server..

Error - 4/28/2011 11:43:50 AM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 8:43:47 AM - Error connecting to the internet. 8:43:47 AM - Unable
to contact server..

Error - 5/6/2011 7:25:50 AM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 7:25:41 AM - Error connecting to the internet. 7:25:41 AM - Unable
to contact server..

Error - 5/9/2011 8:02:55 AM | Computer Name = AMY-HP | Source = MCUpdate | ID = 0
Description = 8:02:50 AM - Failed to retrieve Directory (Error: The underlying connection
was closed: Could not establish trust relationship for the SSL/TLS secure channel.)

[ System Events ]
Error - 7/27/2011 9:59:10 AM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 7/27/2011 9:59:10 AM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the CinemaNow Service service.

Error - 7/28/2011 7:51:32 PM | Computer Name = AMY-HP | Source = DCOM | ID = 10016
Description =

Error - 7/29/2011 6:08:25 AM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the FlipShare Service service.

Error - 7/29/2011 3:52:50 PM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 7/30/2011 7:49:55 AM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the FlipShare Service service.

Error - 7/30/2011 7:42:52 PM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 7/31/2011 9:35:24 AM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.

Error - 7/31/2011 11:19:07 AM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/31/2011 12:57:03 PM | Computer Name = AMY-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the NIS service.


< End of report >

#6 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 02:52 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - SOFTWARE\Classes\CLSID\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6}\InprocServer32 File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - SOFTWARE\Classes\CLSID\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6}\InprocServer32 File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.
O3 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - Startup: C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not found
O4 - Startup: C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2011/08/25 09:25:14 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\WhiteSmoke
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:993F0BCE

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================================

1. Update your Java version here: http://www.java.com/...d/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.

Posted Image Posted Image


#7 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 26 November 2011 - 02:19 PM

All processes killed
Error: Unable to interpret <:OTLIE - HKU\.DEFAULT\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value foundIE - HKU\.DEFAULT\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - SOFTWARE\Classes\CLSID\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6}\InprocServer32 File not foundIE - HKU\S-1-5-18\..\URLSearchHook: {0696f815-a3a9-490a-bb14-9ec3350b1276} - No CLSID value foundIE - HKU\S-1-5-18\..\URLSearchHook: {57dc49cc-5a9f-446c-bcf8-65c52b7060a6} - SOFTWARE\Classes\CLSID\{57dc49cc-5a9f-446c-bcf8-65c52b7060a6}\InprocServer32 File not foundO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.O> in the current context!
Error: Unable to interpret <3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {ACF7DA4C-EEB2-484A-A3A1-303D4054D50C} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C98D5B61-B0EA-4D48-9839-1079D352D880} - No CLSID value found.O3 - HKU\S-1-5-21-1139084311-1459039836-2272109428-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4 - Startup: C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RollerCoaster Tycoon 3 Registration.lnk = File not foundO4 - Startup: C:\Users\AMY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not foundO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)[2011/08/25 09:25:14 | 000,000,000 | ---D | M] -- C:\Users\AMY\AppData\Roaming\WhiteSmoke@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp> in the current context!
Error: Unable to interpret <:993F0BCE:Commands[purity][emptytemp][emptyflash][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11252011_215538
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...



---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is disabled!)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Panda Cloud Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Toolbar Cleaner 1.0
Java™ 6 Update 29
Adobe Flash Player ( 10.0.42.34) Flash Player Out of Date!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUNMain.exe
``````````End of Log````````````


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


esetlog

C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1edatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehtml.dll probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ehtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1ePlugin.dll a variant of Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\VideoScavenger_1e\bar\1.bin\1eskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\AMY\AppData\LocalLow\TelevisionFanaticEI\Installr\Cache\0BAF5E90.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\Users\AMY\AppData\LocalLow\VideoScavenger_1eEI\Installr\Cache\03EE36AD.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

#8 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 04:16 PM

OTL fix log is incorrect.
It looks like you missed very first line when copying my script:


Quote

:OTL

Please redo.
Posted Image Posted Image


#9 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 26 November 2011 - 05:51 PM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0696f815-a3a9-490a-bb14-9ec3350b1276} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276}\ not found.

OTL by OldTimer - Version 3.2.31.0 log created on 11262011_122416
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#10 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 07:42 PM

Your computer is clean Posted Image

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/v...ning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingc.../topic2520.html

13. Please, let me know, how your computer is doing.
Posted Image Posted Image


#11 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 26 November 2011 - 08:58 PM

i think when i copt your code and when i paste it in otl all the code go's in about 2 lines onle and thats why im getting this error. this happend before when you said i copy your code wrong, but i didnt it just pasted in 2 lines inside otl. on that scan i just put an enter space after :otl: and it worked. this last scan i tried twice, 2nd time i put the enter space in but still an error.


All processes killed
========== OTL ==========
Error: Unable to interpret <:Commands[purity][emptytemp][EMPTYFLASH][CLEARALLRESTOREPOINTS][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11262011_155346
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

#12 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 09:01 PM

You missed 1st line again:



Quote

:OTL

Redo.
Posted Image Posted Image


#13 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 26 November 2011 - 10:37 PM

ok i spaced it out right manualy,

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: AMY
->Temp folder emptied: 815249 bytes
->Temporary Internet Files folder emptied: 78040024 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1702 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 432720 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 76.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: AMY
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.31.0 log created on 11262011_163230
Files\Folders moved on Reboot...
C:\Users\AMY\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\AMY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\AMY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\AMY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0SW8NWK\fastbutton[1].htm moved successfully.
C:\Users\AMY\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9WNQ48UE\49235-sisters-windows-7-laptop-infected[2].htm moved successfully.
Registry entries deleted on Reboot...

#14 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 26 November 2011 - 11:46 PM

Quote

13. Please, let me know, how your computer is doing.
Whenever ready....
Posted Image Posted Image


#15 ProblemsRBad Re: [RESOLVED] sisters windows 7 laptop infected

    Member

  • 161 posts
  • Joined: June 23, 2011
  • 15 topics
  • Skin: IP.Board
  • Local time: 08:52 AM
  • Zodiac:Aries
  • OS:Windows 7
  • Country:
Offline
  • Time Online: 3d 20h 16m 27s

Posted 27 November 2011 - 12:46 AM

oh sorry yeah it is much better now thanks!

#16 Broni Re: [RESOLVED] sisters windows 7 laptop infected

    Malware Annihilator

  • 24,883 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 06:52 AM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 10h 30m 28s

Posted 27 November 2011 - 12:47 AM

Way to go!! Posted Image
Good luck and stay safe :)
Posted Image Posted Image


Back to Virus, Spyware and Malware Removal · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


This topic has been visited by 8 user(s)

  1. Smartest Computing
  2. > Security
  3. > Virus, Spyware and Malware Removal
  4. SmartestComputing rules