
Oh my god, what do I do with Copyright Violation Virus? [Solved]



#1
Steadythisknife

Hi guys,

I am having a huge problem with my other computer. I received an email from a friend, and once I clicked the link I received the message that this site is not here anymore. And now when I load the computer I can't get the start up menu, or start bar, or any icons. Just the big warning that says "Copyright Violation: Copyrighted content detected." There is no further than this I can go... What should I do??? Please help me.


#2
Steadythisknife

I am sorry, I should have added I am running Windows Vista on an HP laptop of which I am unsure of the model.

#3
mpascal

Hi Steadythisknife,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Please follow the instructions found in the Malware and Spyware Cleaning Guide, and post back with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log
If you find you can't do one of the steps listed, simply make note of it and move on to the next one.

#4
Steadythisknife

Thank you for your reply. Unfortunately I cannot get Malwarebytes to open. I have renamed it, but it still will not run setup.

Edited by Steadythisknife, 02 May 2010 - 02:14 PM.


#5
Steadythisknife

OK, new problem. I was able to set up Malwarebytes; however, every time it is performing the quick scan, the computer just shuts down in the middle of it.

#6
mpascal

OK, skip MBAM and GMER, and move on to OTL.

#7
Steadythisknife

OK, here are the logs. I managed to run all programs requested.

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

5/2/2010 4:47:56 PM
mbam-log-2010-05-02 (16-47-56).txt

Scan type: Quick scan
Objects scanned: 118145
Time elapsed: 4 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 32
Registry Values Infected: 14
Registry Data Items Infected: 8
Folders Infected: 6
Files Infected: 23

GMER log came up blank... I'm guessing that is not a good thing.

OTL:

OTL logfile created on: 5/2/2010 5:45:55 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Brittana\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Brittana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Brittana\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2008/01/20 23:06:38 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 23:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/02 17:44:59 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Brittana\Desktop\OTL.exe
[2010/05/02 17:20:20 | 000,000,000 | ---D | C] -- C:\Users\Brittana\Desktop\gmer
[2010/05/02 17:15:21 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Local\AVG Security Toolbar
[2010/05/02 17:14:20 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/02 17:10:02 | 000,027,144 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSva.sys
[2010/05/02 17:10:02 | 000,012,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/05/02 17:10:01 | 000,056,008 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/05/02 17:09:59 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/05/02 17:09:53 | 000,269,320 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/05/02 17:09:51 | 000,035,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/05/02 17:09:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010/05/02 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/05/02 17:06:52 | 000,029,976 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010/05/02 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/05/02 17:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/02 16:58:45 | 002,131,808 | ---- | C] (AVG Technologies) -- C:\Users\Brittana\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/02 16:16:39 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Roaming\Malwarebytes
[2010/05/02 16:16:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/05/02 16:16:29 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/05/02 16:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/02 16:16:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/05/02 16:08:34 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Brittana\Desktop\Random name.exe
[2010/05/02 16:03:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/02 16:02:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/05/02 15:57:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Brittana\Desktop\erunt_setup.exe
[2010/05/02 15:40:02 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Brittana\Desktop\TFC.exe
[2010/04/29 16:49:24 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Local\wupucvayu
[2010/04/29 16:48:35 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Roaming\75A2A4A90BCB3E1F9206BC89CAA6033D
[2010/04/25 09:21:58 | 000,000,000 | ---D | C] -- C:\Users\Brittana\Desktop\Pod
[2010/03/23 12:16:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/03/10 00:01:32 | 000,000,000 | ---D | C] -- C:\cabs
[2010/02/26 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Roaming\InstallShield
[2010/02/26 21:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

========== Files - Modified Within 90 Days ==========

[2010/05/02 17:46:11 | 002,621,440 | -HS- | M] () -- C:\Users\Brittana\ntuser.dat
[2010/05/02 17:45:01 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Brittana\Desktop\OTL.exe
[2010/05/02 17:43:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/02 17:25:25 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7CCF229D-1FE9-4EFD-B9E4-8FC375C52971}.job
[2010/05/02 17:21:28 | 000,707,528 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/05/02 17:21:28 | 000,607,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/05/02 17:21:28 | 000,105,368 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/05/02 17:18:13 | 000,284,915 | ---- | M] () -- C:\Users\Brittana\Desktop\gmer.zip
[2010/05/02 17:13:11 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 17:13:10 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 17:13:08 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/02 17:12:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/02 17:12:49 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/02 17:11:11 | 000,524,288 | -HS- | M] () -- C:\Users\Brittana\ntuser.dat{e2b0258c-2b8a-11df-bac8-00235a27ec24}.TMContainer00000000000000000001.regtrans-ms
[2010/05/02 17:11:11 | 000,065,536 | -HS- | M] () -- C:\Users\Brittana\ntuser.dat{e2b0258c-2b8a-11df-bac8-00235a27ec24}.TM.blf
[2010/05/02 17:11:08 | 001,547,102 | -H-- | M] () -- C:\Users\Brittana\AppData\Local\IconCache.db
[2010/05/02 17:10:03 | 000,012,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
[2010/05/02 17:10:03 | 000,001,689 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/05/02 17:10:02 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\AVGIDSva.sys
[2010/05/02 17:10:01 | 000,056,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010/05/02 17:10:00 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/05/02 17:09:54 | 000,269,320 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010/05/02 17:09:52 | 000,035,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010/05/02 17:09:51 | 000,583,987 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/05/02 17:09:50 | 059,513,353 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/02 17:09:50 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/05/02 17:06:52 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010/05/02 16:58:53 | 002,131,808 | ---- | M] (AVG Technologies) -- C:\Users\Brittana\Desktop\avg_free_stb_all_9_114_cnet.exe
[2010/05/02 16:42:20 | 000,011,906 | -HS- | M] () -- C:\Users\Brittana\AppData\Local\RIiYj0K8
[2010/05/02 16:42:20 | 000,011,906 | -HS- | M] () -- C:\ProgramData\RIiYj0K8
[2010/05/02 16:16:33 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\random name.lnk
[2010/05/02 16:08:39 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Brittana\Desktop\Random name.exe
[2010/05/02 16:02:53 | 000,000,763 | ---- | M] () -- C:\Users\Brittana\Desktop\NTREGOPT.lnk
[2010/05/02 16:02:53 | 000,000,744 | ---- | M] () -- C:\Users\Brittana\Desktop\ERUNT.lnk
[2010/05/02 15:57:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Brittana\Desktop\erunt_setup.exe
[2010/05/02 15:40:04 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Brittana\Desktop\TFC.exe
[2010/04/29 20:38:35 | 000,000,969 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/04/29 17:41:57 | 000,395,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/04/29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/04/27 22:34:04 | 000,019,456 | ---- | M] () -- C:\Users\Brittana\Documents\musics.doc
[2010/03/26 21:14:42 | 000,048,911 | ---- | M] () -- C:\Users\Brittana\Desktop\il_430xN.14941877.jpg
[2010/03/26 20:52:33 | 000,066,967 | ---- | M] () -- C:\Users\Brittana\Desktop\glass_octopus.jpg
[2010/03/23 12:30:23 | 000,067,102 | ---- | M] () -- C:\Users\Brittana\Desktop\camping.jpg
[2010/03/21 22:08:29 | 000,278,757 | ---- | M] () -- C:\Users\Brittana\Desktop\houdini.jpg
[2010/03/21 22:06:41 | 000,302,327 | ---- | M] () -- C:\Users\Brittana\Desktop\park2.jpg
[2010/03/21 22:06:20 | 000,376,280 | ---- | M] () -- C:\Users\Brittana\Desktop\park.jpg
[2010/03/09 12:54:57 | 000,524,288 | -HS- | M] () -- C:\Users\Brittana\ntuser.dat{e2b0258c-2b8a-11df-bac8-00235a27ec24}.TMContainer00000000000000000002.regtrans-ms
[2010/03/04 01:02:24 | 000,524,288 | -HS- | M] () -- C:\Users\Brittana\NTUSER.DAT{97deebd6-4094-11de-a355-00235a27ec24}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 01:02:24 | 000,065,536 | -HS- | M] () -- C:\Users\Brittana\NTUSER.DAT{97deebd6-4094-11de-a355-00235a27ec24}.TM.blf
[2010/03/01 03:06:42 | 002,896,034 | ---- | M] () -- C:\Users\Brittana\Desktop\CIMG3267.JPG
[2010/03/01 03:05:54 | 003,024,737 | ---- | M] () -- C:\Users\Brittana\Desktop\CIMG3265.JPG
[2010/03/01 02:43:58 | 001,754,851 | ---- | M] () -- C:\Users\Brittana\Desktop\CIMG3253.JPG
[2010/03/01 02:43:46 | 002,044,404 | ---- | M] () -- C:\Users\Brittana\Desktop\CIMG3252.JPG
[2010/02/26 22:15:59 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2010/02/26 21:28:27 | 000,885,782 | ---- | M] () -- C:\Windows\SysNative\oem19.inf
[2010/02/25 11:58:20 | 000,106,216 | ---- | M] () -- C:\Users\Brittana\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/02 22:11:42 | 000,006,656 | ---- | M] () -- C:\Users\Brittana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2010/05/02 17:18:12 | 000,284,915 | ---- | C] () -- C:\Users\Brittana\Desktop\gmer.zip
[2010/05/02 17:10:03 | 000,001,689 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/05/02 17:09:50 | 059,513,353 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/05/02 17:09:50 | 000,583,987 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010/05/02 17:09:50 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010/05/02 16:49:43 | 4024,258,560 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/02 16:16:33 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\random name.lnk
[2010/05/02 16:02:53 | 000,000,763 | ---- | C] () -- C:\Users\Brittana\Desktop\NTREGOPT.lnk
[2010/05/02 16:02:53 | 000,000,744 | ---- | C] () -- C:\Users\Brittana\Desktop\ERUNT.lnk
[2010/04/29 20:38:35 | 000,000,969 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/04/29 16:49:00 | 000,011,906 | -HS- | C] () -- C:\Users\Brittana\AppData\Local\RIiYj0K8
[2010/04/29 16:49:00 | 000,011,906 | -HS- | C] () -- C:\ProgramData\RIiYj0K8
[2010/04/29 16:48:29 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/04/27 22:34:03 | 000,019,456 | ---- | C] () -- C:\Users\Brittana\Documents\musics.doc
[2010/03/26 21:14:41 | 000,048,911 | ---- | C] () -- C:\Users\Brittana\Desktop\il_430xN.14941877.jpg
[2010/03/26 20:52:32 | 000,066,967 | ---- | C] () -- C:\Users\Brittana\Desktop\glass_octopus.jpg
[2010/03/23 12:30:23 | 000,067,102 | ---- | C] () -- C:\Users\Brittana\Desktop\camping.jpg
[2010/03/21 22:08:29 | 000,278,757 | ---- | C] () -- C:\Users\Brittana\Desktop\houdini.jpg
[2010/03/21 22:06:41 | 000,302,327 | ---- | C] () -- C:\Users\Brittana\Desktop\park2.jpg
[2010/03/21 22:06:20 | 000,376,280 | ---- | C] () -- C:\Users\Brittana\Desktop\park.jpg
[2010/03/21 21:24:51 | 002,896,034 | ---- | C] () -- C:\Users\Brittana\Desktop\CIMG3267.JPG
[2010/03/21 21:24:19 | 001,754,851 | ---- | C] () -- C:\Users\Brittana\Desktop\CIMG3253.JPG
[2010/03/21 21:22:46 | 002,044,404 | ---- | C] () -- C:\Users\Brittana\Desktop\CIMG3252.JPG
[2010/03/21 21:21:58 | 003,024,737 | ---- | C] () -- C:\Users\Brittana\Desktop\CIMG3265.JPG
[2010/03/09 10:49:31 | 000,524,288 | -HS- | C] () -- C:\Users\Brittana\ntuser.dat{e2b0258c-2b8a-11df-bac8-00235a27ec24}.TMContainer00000000000000000002.regtrans-ms
[2010/03/09 10:49:30 | 000,524,288 | -HS- | C] () -- C:\Users\Brittana\ntuser.dat{e2b0258c-2b8a-11df-bac8-00235a27ec24}.TMContainer00000000000000000001.regtrans-ms
[2010/03/09 10:49:30 | 000,065,536 | -HS- | C] () -- C:\Users\Brittana\ntuser.dat{e2b0258c-2b8a-11df-bac8-00235a27ec24}.TM.blf
[2010/02/26 21:28:56 | 000,885,782 | ---- | C] () -- C:\Windows\SysNative\oem19.inf
[2009/09/18 21:58:15 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/09/18 21:57:00 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/09/14 14:41:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/03/08 19:42:05 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[1999/01/22 09:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

========== LOP Check ==========

[2010/05/02 17:15:52 | 000,000,000 | ---D | M] -- C:\Users\Brittana\AppData\Roaming\75A2A4A90BCB3E1F9206BC89CAA6033D
[2009/03/05 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\Brittana\AppData\Roaming\acccore
[2010/04/25 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\Brittana\AppData\Roaming\FrostWire
[2009/04/27 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Brittana\AppData\Roaming\GetRightToGo
[2009/04/28 19:54:19 | 000,000,000 | ---D | M] -- C:\Users\Brittana\AppData\Roaming\Template
[2009/03/02 02:04:23 | 000,000,000 | ---D | M] -- C:\Users\Brittana\AppData\Roaming\WildTangent
[2009/08/22 21:15:39 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/05/02 17:11:23 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/05/02 17:25:25 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7CCF229D-1FE9-4EFD-B9E4-8FC375C52971}.job
[2010/05/02 17:43:02 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/02 17:12:47 | 000,057,788 | ---- | M] () -- C:\aaw7boot.log
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/05/02 17:12:49 | 4024,258,560 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/21 14:39:48 | 000,001,114 | -H-- | M] () -- C:\IPH.PH
[2006/12/02 02:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/05/02 17:12:48 | 042,876,927 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >


Extras:

OTL Extras logfile created on: 5/2/2010 5:45:55 PM - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Users\Brittana\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.97 Gb Total Space | 137.93 Gb Free Space | 62.71% Space Free | Partition Type: NTFS
Drive D: | 12.91 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KILLBRITTANY
Current User Name: Brittana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 61 18 BB 29 5B 4B CA 01 [binary data]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09708122-7424-4F7C-AD4B-AD39C2697A28}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{17F1B42A-72D8-4A75-AE8A-130F5417DB3A}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{1A4D8651-AB72-430E-901E-C6E59B7F3B60}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C927BF5-B866-40FC-8DAF-6F9CC7412679}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{2509D0FE-64EF-482A-9709-3C6C81402C9A}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{284FE17D-0AC2-4CED-A61A-6A7A5E5F3064}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{2C27F892-1588-43D4-B4B0-F98C47C1AD63}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe |
"{2D9D2BEA-EF3F-4A7B-B337-7840FE401967}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{3D3377BB-FD5B-415D-A6C7-182C2CD5B4A8}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{42EF92CE-8F14-4055-9AAE-CC7D0CE28A6B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{46E90B4F-5612-4270-BC89-FB3EA4916C80}" = protocol=17 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{4C3A576D-CB83-4B7B-A485-E3B9CDE6E231}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{51E7D8A9-E446-4D56-A620-30951C835F19}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{5C5C0970-597F-429A-9FAD-7408CF805492}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{60F22D30-61EB-44F9-B20E-F439A4DD5952}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{611A6343-3518-43FE-8B84-C68E239494B7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{6DF83677-BA2E-4FAF-8661-F0102FD310CB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{709B818D-20AA-4B06-A0AB-F631A6AC45D7}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{756BFFFF-9023-4667-83FE-587E7C9E5582}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{7591810F-5DCB-432A-B9B8-FB5B45F30E90}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7FCC94EB-09C7-46D7-A339-44C3A6615E07}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{8835E5CC-6C74-40E1-9C82-308C7D5E5F61}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{8B4E8AAB-FF1F-4341-AA3E-BCBFD88C8EA7}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{96F1D8AB-A2D3-4EAD-822D-CA33ACE52C4A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{9E656EA8-04F4-4B76-AFA6-D144595873F2}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"{A3A288C0-EB71-4243-8B6B-CD50EDF7FE0E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{A3A5E77D-AB11-4FE0-A50A-D64D3FC9B214}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe |
"{A928BC95-4DB0-454C-95ED-C147E3DB1DCA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{B287D7B7-CB0F-4F32-BCB6-30BE676FDA8E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{BCE6529F-001B-4774-BD66-9CA575DED5CA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{C2716761-57BE-42A9-BEDF-A14CF6B0ACBC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe |
"{CB1AB6EE-8C4E-40F6-BF00-DED580034B4F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CD29DCE4-AF8E-4C37-AE3C-44BEC89B4076}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D3EE9CF0-4A5D-48A7-A524-91FFA2589F7A}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{E10F7A9B-859A-4264-A936-FE62EA83DA21}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{E613D018-57D9-4D36-8795-79145B0C1DE0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{E7BC8B47-C8EC-46CF-8D70-6575765F8DE9}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{EEE3AD43-1FBF-4CB4-B52C-9AC053392F4C}" = protocol=6 | dir=in | app=c:\program files (x86)\aim6\aim6.exe |
"{F0D9AAD7-291E-4ED9-BA34-C50CBFF39F54}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
"TCP Query User{6F4B982B-20F2-4FFB-AF8B-CB6F1F3FF050}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{752FE9FC-3BE0-4F85-BDD4-D1F37876579D}C:\program files (x86)\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |
"UDP Query User{808B0B44-486E-4480-977C-CA74D68BE574}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F3509E82-F969-48F3-8CF9-B576B7606BD4}C:\program files (x86)\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire\frostwire.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CE5F45E-F6CC-4638-B0DD-BB7F6EF56713}" = HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
"{2F97CE84-9C33-4631-821B-85EA371EA254}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{50CFD060-4267-0D82-C5A1-4C083110F34F}" = ATI Catalyst Install Manager
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F7994F-661E-46D1-A1DF-67F2887AAA7E}" = HP MediaSmart SmartMenu
"{DFBAEAEC-39A9-5558-C9BA-1EB60F15683A}" = ccc-utility64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01C9296A-717B-180B-6C1B-972B2A240787}" = Catalyst Control Center Core Implementation
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0D5ADBC6-EAC6-6044-0C97-1F7CF77F4AC4}" = Catalyst Control Center Graphics Full New
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13C984A7-4904-2D52-E0FA-56564B993150}" = ccc-core-static
"{13E5609E-A4A2-F837-86AD-7105855D96CC}" = CCC Help Chinese Standard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22507ED9-4D42-D684-C96F-6B8870EF4236}" = CCC Help Finnish
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2C5D17D6-3FE0-2275-D0A7-866CD704F701}" = Catalyst Control Center Localization Czech
"{2CC69A5D-226D-6ABE-53D1-FCD400CED07C}" = CCC Help Spanish
"{2FB49B58-79BA-BAC5-E7FE-5D6A6C1E8BB9}" = CCC Help Greek
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{305468A6-DE2D-43ba-A168-2F45A97A89DA}" = DJ_SF_03_D1500_Software_Min
"{30A6DC6F-C97A-3C6D-54B3-E284CC2EC9E3}" = CCC Help German
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{38436888-9EAA-4cec-A56F-65B73D9D423C}" = D1500
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42300B1F-93D5-DDB9-4563-49399402B70F}" = CCC Help Dutch
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{4A4E7060-5110-1C02-9227-CC6E9662DD7F}" = Catalyst Control Center Localization Russian
"{4ECD755B-EA8E-1F6D-27D3-D77324033090}" = Catalyst Control Center Localization French
"{4F038D40-0B3C-88C8-BCEB-268A3A89C312}" = Catalyst Control Center Localization Korean
"{4F924BE2-FE46-7A15-DA29-214DDCB65A13}" = Catalyst Control Center Localization Dutch
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53A4B5BE-5C9A-024D-8A19-5D13668DFE34}" = Catalyst Control Center Localization Turkish
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{558FF444-F562-4E4C-98BD-7B20EE184D2E}" = Catalyst Control Center - Branding
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5FED28FC-6C33-1B35-1651-C3466CCB047B}" = CCC Help English
"{60820957-6977-9543-D784-F6DCDC265ED4}" = Catalyst Control Center Graphics Full Existing
"{658940CB-D84C-23A6-6008-9A89111863A2}" = CCC Help Russian
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69162FA0-D2C9-0963-B4F6-3898269786EC}" = Catalyst Control Center Localization Italian
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A370610-3778-44AF-9AAC-69B2FD1A3356}" = Microsoft Live Search Toolbar
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DB85E8-EEBF-B0D2-651A-398814CB664C}" = Catalyst Control Center Localization Thai
"{7BEF7553-EE3E-DE5D-2576-262D0EC93FB9}" = CCC Help Italian
"{824A7ACB-5101-5244-6470-9EC0DBAB67A3}" = CCC Help Danish
"{82C113AD-486F-4bd5-A2EA-2383AF57D084}" = D1500_Help
"{82DE85F1-AAA1-BC75-AD7E-640332C8F98B}" = Catalyst Control Center Localization Danish
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8659BC40-A836-3B79-0D79-DC761DA734D6}" = Catalyst Control Center Localization Finnish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B8240B3-891D-4965-AA51-8799622D44FF}" = DJ_SF_03_D1500_ProductContext
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92751A73-9C38-51D6-CFE7-D66ADF26A17A}" = CCC Help Portuguese
"{936622D2-47A8-FC24-FA43-5899EFCA8844}" = CCC Help Swedish
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9B13D1C1-1BCD-8677-E129-6E1928223F1B}" = Catalyst Control Center Graphics Light
"{A0B89436-5683-A215-0952-11F3C15040C9}" = Catalyst Control Center Localization German
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A3E53E55-0359-104E-7624-9AB51B1BCE66}" = CCC Help Japanese
"{A4B8BD05-69FB-8F9A-6C93-E405D0B56361}" = Catalyst Control Center Localization Greek
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A9134088-CCC0-56E7-9C75-86811084AB99}" = Skins
"{AB10EFAD-17B5-5295-6214-400CE5681661}" = CCC Help Norwegian
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B1421599-A42D-47ef-B512-B9B0317BD599}" = DJ_SF_03_D1500_Software
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3284308-AAAE-8021-F19C-42B894135B5C}" = Catalyst Control Center Localization Polish
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB1A8D7E-A399-35CE-7DEF-1022A600FDE9}" = Catalyst Control Center Localization Swedish
"{BB640A89-2E5E-2BB1-97A7-E953ACC9D374}" = CCC Help Polish
"{BDBB3B7C-80F1-160F-59D6-DAF7BCCD5BF3}" = Catalyst Control Center Graphics Previews Vista
"{C0626560-9EB6-0A04-C704-4D6AA38A873D}" = CCC Help Thai
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4898551-1329-E6BF-7E7D-1B93B15AFAA8}" = Catalyst Control Center Localization Chinese Traditional
"{C4CF43CE-94AE-498E-9EB1-C804E05CB3CA}" = HP User Guides 0125
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CCDA625A-06DB-A9D5-B672-B5B416723DF8}" = Catalyst Control Center Localization Hungarian
"{D0650094-44A0-67C7-70A4-CF00576237A8}" = CCC Help Korean
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36D8B67-ED17-9C76-73CA-D4AF448028FD}" = Catalyst Control Center Graphics Previews Common
"{D6E1FB7C-C1FD-E326-AE52-F9D7D8A1D122}" = CCC Help Chinese Traditional
"{DC7B0CCB-67A5-CC25-34A7-1BBF6D1E1280}" = Catalyst Control Center Localization Japanese
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E00CD076-B59D-1825-6FAA-383BE7CCEBFE}" = CCC Help Turkish
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E27C8061-488F-1D13-9B43-25659DD1CBDE}" = Catalyst Control Center Localization Chinese Standard
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E288A04A-A9D7-F79A-7E88-58321A0F12FC}" = Catalyst Control Center Localization Portuguese
"{E374D624-9BE9-3209-201D-931893B99C37}" = Catalyst Control Center Localization Spanish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5862BF-C91D-0358-B62D-C0FAF7F9C66E}" = Catalyst Control Center InstallProxy
"{EE1AAA45-21EE-1630-DB15-164DD1DB2E47}" = CCC Help French
"{EFEAED6F-B458-A1C7-49BC-F1CA1C75C8AE}" = Catalyst Control Center Localization Norwegian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F63B8DC4-4309-9F2E-07C1-4BE967F5668D}" = CCC Help Hungarian
"{F7CCA8CB-FF7C-A5CF-4C77-F9F31BB2D227}" = CCC Help Czech
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG 9.0
"ERUNT_is1" = ERUNT 1.1j
"FrostWire" = FrostWire 4.20.3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"RealPlayer 6.0" = RealPlayer
"RocketDock_is1" = RocketDock 1.3.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2010 12:01:25 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/19/2010 10:17:00 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/20/2010 9:08:23 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/22/2010 3:52:21 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/25/2010 12:58:56 AM | Computer Name = KillBrittany | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3726, time stamp 0x4b9e5a0c,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x01000000, process id 0x1028, application start time 0x01cae4205c975b30.

Error - 4/25/2010 12:59:13 AM | Computer Name = KillBrittany | Source = Application Error | ID = 1000
Description = Faulting application o.dat, version 0.0.0.0, time stamp 0x4bd321fc,
faulting module o.dat, version 0.0.0.0, time stamp 0x4bd321fc, exception code 0xc0000005,
fault offset 0x00002361, process id 0xf64, application start time 0x01cae4340cd1aa60.

Error - 4/25/2010 9:16:44 AM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/25/2010 3:09:15 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/26/2010 7:57:18 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 7:00:25 PM | Computer Name = KillBrittany | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/2/2010 4:51:38 PM | Computer Name = KillBrittany | Source = Service Control Manager | ID = 7022
Description =

Error - 5/2/2010 4:54:37 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FB103C&REV_00\4&2a995034&0&0028)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 4:54:37 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FB103C&REV_00\4&2a995034&0&0228)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 4:54:37 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FB103C&REV_00\4&2a995034&0&0328)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 4:54:37 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 5:15:34 PM | Computer Name = KillBrittany | Source = Service Control Manager | ID = 7022
Description =

Error - 5/2/2010 5:17:04 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_30FB103C&REV_00\4&2a995034&0&0028)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 5:17:04 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_30FB103C&REV_00\4&2a995034&0&0228)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 5:17:04 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_30FB103C&REV_00\4&2a995034&0&0328)
disappeared from the system without first being prepared for removal.

Error - 5/2/2010 5:17:04 PM | Computer Name = KillBrittany | Source = PlugPlayManager | ID = 12
Description = The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_30FB103C&REV_00\4&2a995034&0&0428)
disappeared from the system without first being prepared for removal.


< End of report >
  • 0

#8
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi Steadythisknife,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Users\Brittana\AppData\Roaming\75A2A4A90BCB3E1F9206BC89CAA6033D\gotnewupdate000.exe File not found
    O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Brittana\AppData\Local\Temp\Mzr.exe File not found
    [2010/04/29 16:49:24 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Local\wupucvayu
    [2010/04/29 16:48:35 | 000,000,000 | ---D | C] -- C:\Users\Brittana\AppData\Roaming\75A2A4A90BCB3E1F9206BC89CAA6033D
    [2010/05/02 17:43:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/05/02 17:25:25 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7CCF229D-1FE9-4EFD-B9E4-8FC375C52971}.job
    [2010/05/02 16:42:20 | 000,011,906 | -HS- | M] () -- C:\Users\Brittana\AppData\Local\RIiYj0K8
    [2010/05/02 16:42:20 | 000,011,906 | -HS- | M] () -- C:\ProgramData\RIiYj0K8
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

  • 0

#9
Steadythisknife

Steadythisknife

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4060

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/2/2010 6:52:47 PM
mbam-log-2010-05-02 (18-52-47).txt

Scan type: Quick scan
Objects scanned: 119235
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


KasReport:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 3, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, May 02, 2010 22:13:40
Records in database: 4033863
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 197444
Threats found: 2
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 03:35:15


File name / Threat / Threats count
C:\Users\Brittana\Desktop\Pod\Modest Mouse - Dark Center Of The Universe.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-3470103-deftones xerces.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-4717604-Vandals - Oi to the world.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-5001935-pirates of carribean tech.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

Selected area has been scanned.
  • 0

#10
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi Steadythisknife,

I'm going to delete the following files from your system if it's fine with you. Whenever you play these files, they will go online and download fake codecs which will further infect your system.

C:\Users\Brittana\Desktop\Pod\Modest Mouse - Dark Center Of The Universe.mp3
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-3470103-deftones xerces.wma
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-4717604-Vandals - Oi to the world.wma
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-5001935-pirates of carribean tech.wma

To get rid of them, follow the instructions below.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Files
    C:\Users\Brittana\Desktop\Pod\Modest Mouse - Dark Center Of The Universe.mp3
    C:\Users\Brittana\Documents\FrostWire\Incomplete\T-3470103-deftones xerces.wma
    C:\Users\Brittana\Documents\FrostWire\Incomplete\T-4717604-Vandals - Oi to the world.wma
    C:\Users\Brittana\Documents\FrostWire\Incomplete\T-5001935-pirates of carribean tech.wma
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Other than that, are you still having any other problems?
  • 0
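
The step from the Kaspersky report in post #9 to the OTL `:Files` fix in post #10, as an added Python example (not part of the thread, and not code from OTL, Kaspersky or the helper). It assumes report rows have the form `path Infected: threat count` as posted and that detection names read `Behaviour.Platform.Family.Variant`; the extension map and the `frostwire` path check are illustrative heuristics.

```python
import re
from collections import Counter
from ntpath import splitext  # Windows path rules, whatever OS this runs on

# Result table copied from the Kaspersky report posted in this thread.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\Users\Brittana\Desktop\Pod\Modest Mouse - Dark Center Of The Universe.mp3 Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-3470103-deftones xerces.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-4717604-Vandals - Oi to the world.wma Infected: Trojan-Downloader.WMA.Wimad.y 1
C:\Users\Brittana\Documents\FrostWire\Incomplete\T-5001935-pirates of carribean tech.wma Infected: Trojan-Downloader.WMA.Wimad.y 1

Selected area has been scanned.
"""

# A row is "<path> Infected: <threat> <count>"; the path may contain spaces.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumption: extensions normally used by the container each platform tag names.
PLATFORM_EXTS = {"WMA": {".wma", ".asf"}}


def split_threat(name):
    """Split a detection name into behaviour, platform, family and variant."""
    parts = name.split(".")
    if len(parts) < 3:
        return {"behaviour": parts[0], "platform": None, "family": None, "variant": None}
    return {
        "behaviour": parts[0],
        "platform": parts[1],
        "family": parts[2],
        "variant": ".".join(parts[3:]) or None,
    }


def parse_report(text):
    """Return one finding per infected-object row, with triage flags."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # headers, statistics and blank lines
        item = {"path": m["path"], "threat": m["threat"], "count": int(m["count"])}
        item.update(split_threat(item["threat"]))
        ext = splitext(item["path"])[1].lower()
        expected = PLATFORM_EXTS.get(item["platform"])
        # A media file whose extension disagrees with the detected container
        # (here an .mp3 flagged as a WMA-platform downloader) is worth a note.
        item["ext_mismatch"] = expected is not None and ext not in expected
        # Heuristic: the file sits under the P2P client's download tree.
        item["in_p2p_dir"] = "\\frostwire\\" in item["path"].lower()
        findings.append(item)
    return findings


def family_counts(findings):
    """Count findings per malware family."""
    return Counter(f["family"] for f in findings)


def build_otl_fix(findings):
    """Build a fix script laid out like the one in post #10."""
    lines = [":Files"]
    lines += [f["path"] for f in findings]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for f in found:
        flags = [k for k in ("ext_mismatch", "in_p2p_dir") if f[k]]
        print(f"{f['family']:<9} {', '.join(flags) or '-':<14} {f['path']}")
    print()
    print(build_otl_fix(found))
```
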



#11
Steadythisknife

Steadythisknife

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Thank you so much. I deleted those files as suggested through the OTL fix. Well, it is running MUCH better than when I first started this thread; however, things seem to be moving a little slower than they did before all this happened, especially at start up and hibernation. Also, I get a warning message that Windows security has been disabled, and if I attempt to turn it back on, it will not let me. It says "The security center service can't be started." Things seem to be getting the not responding message more now, especially Firefox.
  • 0

#12
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Do you have a Vista disk by chance?
  • 0

#13
Steadythisknife

Steadythisknife

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I would have to check. I am doing this for a friend, so I'm not sure what she has along with this. If she does indeed have one, what should I do with it? Am I looking for the actual Windows Vista install disc?
  • 0

#14
mpascal

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Try doing this to start the security center.

Go to Start, and in the "Start Search" area type services followed by Enter.
  • Click continue if you are prompted with UAC.
  • Scroll down the list until you see Security Center. Right click it and select Properties.
  • To the right of Startup Type, set it to Automatic.
  • Click Apply.
  • Click Start.
  • Click OK and close the services window.
Does this work?
  • 0

#15
Steadythisknife

Steadythisknife

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Yes, this enabled Windows security again. I do find that the computer is definitely running slower than before. Things are taking a lot longer to load, and upon shutting down sometimes it sits on the logging off screen for a long time.
  • 0





