Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

moneypak FBI malware freaking out my family.


  • Please log in to reply

#1
Unclean2012

Unclean2012

    New Member

  • Member
  • Pip
  • 3 posts
A few days ago I picked up the moneypack virus. I ran any number of antivirus(AVG,spyhunter4-free, Dr web) programs from safemode and it went away for a few days. I reappeared on Monday and again today on Wednesday. So far none of my files have been encrypted that I know of. Any help is appreciated.

OTL logfile created on: 8/8/2012 9:44:04 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = F:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.76% Memory free
7.81 Gb Paging File | 5.57 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.77 Gb Total Space | 137.27 Gb Free Space | 48.03% Space Free | Partition Type: NTFS
Drive D: | 12.12 Gb Total Space | 2.03 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.93 Gb Total Space | 1.73 Gb Free Space | 89.60% Space Free | Partition Type: FAT

Computer Name: HOME-PC | User Name: Christensen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/08 21:37:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/08/03 13:00:24 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/18 07:59:10 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/10 07:30:44 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/07/10 07:30:42 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/05 18:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 06:38:47 | 007,357,824 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/03/19 06:29:38 | 000,106,368 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2012/03/06 18:39:50 | 000,574,296 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 13:00:23 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/18 07:59:10 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/10 07:30:58 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012/07/10 07:30:42 | 001,107,552 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/11 14:58:48 | 001,019,328 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/06/25 14:59:00 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/27 21:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2007/02/01 22:14:04 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcicoms.exe -- (lxci_device)
SRV - [2012/08/03 13:00:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 07:59:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/10 07:30:44 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/07/05 18:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/19 06:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/23 14:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe -- (AESTFilters)
SRV - [2007/02/01 22:13:46 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxcicoms.exe -- (lxci_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/04 23:25:32 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 18:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/03/23 14:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/10/09 21:22:42 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV:64bit: - [2009/07/20 18:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 07:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 20:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/03/01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE:64bit: - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}
IE - HKLM\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{1FA0C8C7-9D37-47FE-BC29-5B1CC8329575}: "URL" = http://websearch.ask...65-46759754DF25
IE - HKCU\..\SearchScopes\{3D868A69-F711-4F8F-A8D9-0F5AE2B3FD72}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-04-27 16:20:18&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "http://my.yahoo.com/"
FF - prefs.js..keyword.URL: "http://websearch.ask...YYYYYYYYUS&&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christensen\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/15 02:00:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/10 07:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/17 08:59:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 10:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:59:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 15:18:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 07:59:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 15:18:11 | 000,000,000 | ---D | M]

[2012/04/27 05:50:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christensen\AppData\Roaming\Mozilla\Extensions
[2012/06/19 10:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christensen\AppData\Roaming\Mozilla\Firefox\Profiles\wxeeqx1s.default\extensions
[2012/06/19 10:06:44 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Christensen\AppData\Roaming\Mozilla\Firefox\Profiles\wxeeqx1s.default\extensions\[email protected]
[2012/04/30 17:43:56 | 000,002,580 | ---- | M] () -- C:\Users\Christensen\AppData\Roaming\Mozilla\Firefox\Profiles\wxeeqx1s.default\searchplugins\askcom.xml
[2012/08/05 15:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/05 15:36:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/07/18 07:59:10 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/10 07:30:39 | 000,003,767 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/20 20:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 20:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - HKCU..\Run: [DriverMax] File not found
O4 - HKCU..\Run: [DriverMax_RESTART] File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3204EB45-53C3-4653-B93B-593E2D24D16F}: DhcpNameServer = 209.55.24.10 209.55.27.13 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/05/14 09:41:10 | 000,921,656 | R--- | M] () - E:\AutoRun.bmp -- [ CDFS ]
O32 - AutoRun File - [2002/06/04 11:17:08 | 000,001,282 | R--- | M] () - E:\AutoRun.csv -- [ CDFS ]
O32 - AutoRun File - [2002/06/17 03:59:50 | 000,000,549 | R--- | M] () - E:\AutoRun.dat -- [ CDFS ]
O32 - AutoRun File - [2002/05/23 05:57:06 | 000,303,162 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/05/14 09:05:14 | 000,000,064 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2002/05/14 09:44:04 | 000,155,784 | R--- | M] () - E:\autorun.wav -- [ CDFS ]
O33 - MountPoints2\{fcd9bcda-9035-11e1-a1ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fcd9bcda-9035-11e1-a1ad-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2002/05/23 05:57:06 | 000,303,162 | R--- | M] ()
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/08 20:56:52 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Malwarebytes
[2012/08/08 20:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/08 20:56:26 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/08 20:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/08 20:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/08 20:29:45 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/05 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/08/05 16:34:02 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/08/05 16:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/08/05 16:33:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/05 15:36:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/08/04 09:43:54 | 000,000,000 | ---D | C] -- C:\Users\Christensen\DoctorWeb
[2012/08/04 09:14:07 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Local\ElevatedDiagnostics
[2012/08/03 14:55:29 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Codemasters
[2012/08/03 14:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codemasters
[2012/08/03 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2012/08/02 22:15:41 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/02 20:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codemasters
[2012/08/02 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Leadertech
[2012/08/02 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012/08/02 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\Christensen\Documents\My Games
[2012/08/02 20:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2012/08/02 20:22:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games
[2012/07/22 15:45:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/07/20 10:53:37 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Local\Apple Computer
[2012/07/20 10:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/07/20 10:53:36 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Apple Computer
[2012/07/20 10:53:34 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Local\Plex Media Server
[2012/07/20 10:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2012/07/20 10:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/07/20 10:51:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/07/20 10:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/07/20 10:43:45 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Local\Plex
[2012/07/20 10:42:44 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plex Media Center
[2012/07/20 10:42:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2012/07/17 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Christensen\Documents\Amazon MP3
[2012/07/17 21:55:19 | 000,000,000 | ---D | C] -- C:\Users\Christensen\AppData\Roaming\Amazon
[2012/07/17 21:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/07/17 21:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/07/17 08:59:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/14 16:22:45 | 027,602,676 | ---- | C] (PhedexbFileDescription) -- C:\ProgramData\jY01029E.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/08 21:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/08 20:56:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/08 20:33:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 20:33:00 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/08 20:07:11 | 103,256,935 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/08 20:03:51 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/08 20:03:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/08 20:02:44 | 3144,880,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/08 20:00:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012/08/07 21:24:10 | 000,000,863 | ---- | M] () -- C:\Users\Christensen\.recently-used.xbel
[2012/08/06 18:36:47 | 000,345,937 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/05 16:34:04 | 000,002,266 | ---- | M] () -- C:\Users\Christensen\Desktop\SpyHunter.lnk
[2012/08/04 09:28:17 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 09:28:17 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 09:28:17 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 09:19:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
[2012/08/04 08:43:30 | 000,001,887 | ---- | M] () -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/02 20:30:10 | 000,002,195 | ---- | M] () -- C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
[2012/08/02 07:51:14 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForChristensen.job
[2012/08/01 07:25:44 | 005,669,460 | ---- | M] () -- C:\Users\Christensen\Desktop\IMG_5277.JPG
[2012/08/01 07:24:22 | 005,671,519 | ---- | M] () -- C:\Users\Christensen\Desktop\IMG_5176.JPG
[2012/07/24 20:18:28 | 001,735,514 | ---- | M] () -- C:\Users\Christensen\Desktop\S140412072321130.pdf
[2012/07/24 20:18:07 | 002,267,510 | ---- | M] () -- C:\Users\Christensen\Desktop\S140412072321140.pdf
[2012/07/24 20:17:47 | 000,214,416 | ---- | M] () -- C:\Users\Christensen\Desktop\S140412072320341.pdf
[2012/07/20 10:11:00 | 050,153,230 | ---- | M] () -- C:\Users\Christensen\Desktop\rod-building.pdf
[2012/07/17 21:54:48 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/07/14 10:16:26 | 000,115,546 | ---- | M] () -- C:\Users\Christensen\Desktop\Restaurant.com Dining Certificate.pdf
[2012/07/11 21:28:01 | 000,026,878 | ---- | M] () -- C:\Users\Christensen\Desktop\obama_hammer_sickle.jpg
[2012/07/11 06:51:49 | 000,432,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/10 08:14:17 | 000,494,324 | ---- | M] () -- C:\Users\Christensen\Desktop\Untitled.pdf
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/08 20:56:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/07 21:24:10 | 000,000,863 | ---- | C] () -- C:\Users\Christensen\.recently-used.xbel
[2012/08/05 16:34:03 | 000,002,266 | ---- | C] () -- C:\Users\Christensen\Desktop\SpyHunter.lnk
[2012/08/04 09:19:56 | 004,503,728 | ---- | C] () -- C:\ProgramData\23lldnur.pad
[2012/08/04 08:43:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012/08/04 08:43:30 | 000,001,887 | ---- | C] () -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/08/02 20:30:10 | 000,002,195 | ---- | C] () -- C:\Users\Public\Desktop\Sid Meier's Pirates!.lnk
[2012/08/01 07:25:44 | 005,669,460 | ---- | C] () -- C:\Users\Christensen\Desktop\IMG_5277.JPG
[2012/08/01 07:24:21 | 005,671,519 | ---- | C] () -- C:\Users\Christensen\Desktop\IMG_5176.JPG
[2012/07/24 20:18:22 | 001,735,514 | ---- | C] () -- C:\Users\Christensen\Desktop\S140412072321130.pdf
[2012/07/24 20:18:03 | 002,267,510 | ---- | C] () -- C:\Users\Christensen\Desktop\S140412072321140.pdf
[2012/07/24 20:17:46 | 000,214,416 | ---- | C] () -- C:\Users\Christensen\Desktop\S140412072320341.pdf
[2012/07/20 10:09:03 | 050,153,230 | ---- | C] () -- C:\Users\Christensen\Desktop\rod-building.pdf
[2012/07/17 21:54:48 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/07/14 10:13:00 | 000,115,546 | ---- | C] () -- C:\Users\Christensen\Desktop\Restaurant.com Dining Certificate.pdf
[2012/07/11 21:27:59 | 000,026,878 | ---- | C] () -- C:\Users\Christensen\Desktop\obama_hammer_sickle.jpg
[2012/04/29 09:44:09 | 000,000,228 | ---- | C] () -- C:\Users\Christensen\AppData\Roaming\wklnhst.dat
[2012/04/29 07:58:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciserv.dll
[2012/04/29 07:58:29 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciusb1.dll
[2012/04/29 07:58:29 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcihbn3.dll
[2012/04/29 07:58:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomc.dll
[2012/04/29 07:58:29 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipmui.dll
[2012/04/29 07:58:29 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcilmpm.dll
[2012/04/29 07:58:29 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicoms.exe
[2012/04/29 07:58:29 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicomm.dll
[2012/04/29 07:58:29 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciinpa.dll
[2012/04/29 07:58:29 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciiesc.dll
[2012/04/29 07:58:29 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciih.exe
[2012/04/29 07:58:29 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcicomx.dll
[2012/04/29 07:58:29 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxciinst.dll
[2012/04/29 07:58:29 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcippls.exe
[2012/04/29 07:58:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxciprox.dll
[2012/04/29 07:58:29 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcipplc.dll
[2012/04/29 07:58:28 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcicfg.exe
[2012/04/27 15:58:20 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/04/27 15:58:20 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/04/27 15:58:19 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/04/27 15:58:19 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/04/27 15:58:19 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/04/27 01:59:22 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== LOP Check ==========

[2012/05/16 22:04:53 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\.minecraft
[2012/07/17 21:55:19 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\Amazon
[2012/04/27 16:21:26 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\AVG2012
[2012/04/27 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\CBS Interactive
[2012/05/10 21:58:26 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/06/30 08:10:16 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\Downloaded Installations
[2012/08/07 21:24:10 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\gtk-2.0
[2012/04/27 16:10:44 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\IObit
[2012/08/02 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\Leadertech
[2012/08/07 21:36:29 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\MediaMonkey
[2012/07/14 10:16:24 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\Nitro PDF
[2012/04/27 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\OpenCandy
[2012/04/29 09:44:10 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\Template
[2012/04/27 17:21:47 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\Unity
[2012/08/05 14:38:00 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 8/8/2012 9:44:04 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = F:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.76% Memory free
7.81 Gb Paging File | 5.57 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.77 Gb Total Space | 137.27 Gb Free Space | 48.03% Space Free | Partition Type: NTFS
Drive D: | 12.12 Gb Total Space | 2.03 Gb Free Space | 16.74% Space Free | Partition Type: NTFS
Drive E: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1.93 Gb Total Space | 1.73 Gb Free Space | 89.60% Space Free | Partition Type: FAT

Computer Name: HOME-PC | User Name: Christensen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~2\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0912209F-0F16-420B-91F0-6F5A2F49A2B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0B1B5A7E-458E-41ED-87B0-A93B96C5B85D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15B26145-A2C7-43C4-811A-1B8A6E1A1395}" = rport=138 | protocol=17 | dir=out | app=system |
"{1D5935C2-AD9E-4F0F-9F9D-9F562E97EFD6}" = lport=139 | protocol=6 | dir=in | app=system |
"{1D69B62B-589C-48EB-A2BC-8A821CEB74E9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{22795988-B4FA-4735-8C02-AE0CAC782208}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{49258610-0886-4706-8F08-428120B23940}" = rport=139 | protocol=6 | dir=out | app=system |
"{6008521B-D557-48BE-9342-F6E013DCF6C9}" = rport=137 | protocol=17 | dir=out | app=system |
"{657913EF-F504-4FD2-80D7-5A87C96045AE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6791C272-ED19-482A-B7E6-B864DA65D366}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F9882BF-4263-49D5-81D8-D8DAE7464543}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7403BDC7-F729-4941-9FA2-C20F534B40DA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78B57549-C64A-4F81-8E89-BDD4AE4989D1}" = lport=138 | protocol=17 | dir=in | app=system |
"{8A2511D2-FE6C-48F2-AB4C-B4E9C98C840F}" = rport=445 | protocol=6 | dir=out | app=system |
"{8FF9A0CF-5079-4CEF-A31A-591F43C9D190}" = lport=137 | protocol=17 | dir=in | app=system |
"{95BBB6AC-A5C6-4FC0-9376-A9E882CD0C1C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5B72E1F-F3C3-4A75-88FB-4425899FEB5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A96AFBCE-E539-490A-AD08-B92C9320C92C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD5D6913-5C88-4CD5-9C34-2913BCE29F2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D0676AAD-45F7-4CF5-9CE3-B0A452857162}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9DD395B-3FBA-4168-893A-87C38B2AE11A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EF00D54B-2599-4CEF-9AA9-011B30D9F3E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFF179E4-4B76-43C8-B267-D9953897F29F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2DCD749-8B82-4469-AD53-FEB9A93C1542}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F9288F15-9C59-4BD2-8D20-C79AAC8FBB80}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA5027B2-0D73-4B81-A96E-4C096653E5EF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19737F9C-10C0-4C2F-864C-1CE55A34BCF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{1A4DEDDB-1F4A-41CE-AD37-92D88A12991E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C86A489-1DEB-41FF-B8BD-BBB3A78669B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1F49B5DA-6528-4343-8B92-FF0AB7B2AC56}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{211D30B8-D28E-4C91-8FAF-A9B958CF56B6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{221598E3-ACB3-49E8-9AAF-B2D5CB1BCAE0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{222AA4C4-0431-46FC-B29C-62F29E4E6B4A}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{2320EF58-490D-4A8F-9BF5-84D97E4AD382}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{25A7E8C2-9D15-4D62-9148-7E40E4CD5D4D}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
"{299594B3-573F-4361-B6D5-AE436C0D1A94}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2C034C0E-6194-44C4-A226-90C345CC5590}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2C744DC0-0812-4CB1-8DD4-E7E06E24E84A}" = protocol=1 | dir=in | [email protected],-28543 |
"{2F30B6B0-E150-46E2-B0F2-F5E93B3A8823}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{31C931D1-EF6B-4897-8448-F40B33992D76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{361890EA-D29B-4842-AC06-6B798FDF18CF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{377415F2-2C7E-4401-941F-93B40C6F202C}" = protocol=17 | dir=in | app=c:\windows\system32\lxcicoms.exe |
"{3FFD532E-5F7F-4B64-8650-E3C3C5D6F719}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{43C6E21C-7B6C-4DA4-9A6D-60D7C3635D1B}" = protocol=6 | dir=in | app=c:\windows\system32\lxcicoms.exe |
"{4860CC45-62A6-4943-AA21-8EBEAA369E9F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{486C5EDE-CA6B-4BC4-89F9-78A13B9BBEC3}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcicoms.exe |
"{55A7292C-C459-41E0-925B-33054BEC35C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{584BACFC-8B37-4964-BFCF-A09202331A88}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E8C1BC6-705D-4DCB-BB26-22F153701A24}" = protocol=58 | dir=out | [email protected],-28546 |
"{6555901D-682C-4483-B1E4-837AA3ED2D31}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6D389AC0-E6D7-4299-B6D8-54F8D84653EC}" = protocol=6 | dir=out | app=system |
"{75AD81A9-0F09-4296-B66C-286A0EC19EAF}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{76D7C8EF-9BEA-41FC-AF7A-65308C3A161E}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{7C892952-770F-4DEC-8957-FB36CFD67FE2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8999E2CE-5649-40C0-9EAB-0CDBF9E39F35}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{8A5D7518-670C-41A0-BEE7-FD13DE543983}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{8B5306B6-C940-4961-BA99-F774AC09BB42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{906382CB-E1D4-4D34-B4C7-E5F531938B66}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{93239800-BCDE-4CD5-8562-7459A0D8A8EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94186A24-85D2-4E19-B810-0867445FDB21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A5F46817-3C64-426C-A8F3-53343427BD46}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A682A956-19E8-404D-A72E-429603A63D03}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
"{A963E210-248E-491D-8D07-396ECA57D985}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{AA8BA7A2-B23C-4E11-84AA-268F1BF730EC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{AF55C481-88F0-42C7-87E0-D0B1B8D53276}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF8845C3-4BA2-452E-9BBF-20A22531C3A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B09C74B0-B2C9-4273-A4D9-0EFFD18A1C48}" = protocol=58 | dir=in | [email protected],-28545 |
"{B12DD912-D456-43C6-915E-97C7584E60C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{B6ABEBE6-3F55-4380-A4D4-3051C918602E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9249BAB-D44B-4BD2-8B40-35501936F684}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcipswx.exe |
"{BE18BAA1-A245-4EDA-8C98-467A9D5279B2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C459E7DE-8966-40C8-9512-DE055F697B36}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{C62AA90F-7C4B-4A19-9145-403980EEE232}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C6C188C2-5D3B-4BD0-BB7D-285DBB36A95A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{CEA30E22-F647-4A38-A786-6B4499DA82CD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D0CC29C8-B820-4FF4-857C-D1BA2B63A61B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DDE3EA8D-F249-4CA4-B38B-D786B6587EC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E1D2E540-05EE-4581-9DD4-E9D575EBB713}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{EB190A7A-348E-48B0-93D3-148CA908F17F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{FF0F9DBF-1642-4A3F-BEE2-8DFB9F8984AC}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{A7931121-A37B-4E83-821A-5BF4425C028A}C:\program files (x86)\plex\plex media center\plex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\plex\plex media center\plex.exe |
"UDP Query User{281666F9-1363-45DA-BFCF-3950B53C6052}C:\program files (x86)\plex\plex media center\plex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\plex\plex media center\plex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java™ 6 Update 14 (64-bit)
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{6C87223E-0EE1-4703-9789-2C986D860B20}" = Nitro Reader 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F896D026-9016-4122-B9BD-957FF092FFE9}" = SpyHunter
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"AVG" = AVG 2012
"HDMI" = Intel® Graphics Media Accelerator Driver
"Lexmark 7300 Series" = Lexmark 7300 Series
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2D4E1F8A-901B-4BBD-B311-B6E56059066E}" = Microsoft Live Search Toolbar
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{44DC8C66-0962-420B-A346-6D6E2BB0E703}" = LeapFrog Leapster Explorer Plugin
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}" = HP Support Assistant
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{63688C0C-441B-B09B-97A3-B059D79A84F7}" = Shutterfly Express Uploader
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{987F1753-1F42-4DF2-A5EA-0CCB777F3EB0}" = ASPCA Reminder by We-Care.com v4.0.19.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3318E1-5A9F-4A95-A7A1-7E045403AE34}" = HP User Guides 0148
"{9DCB01AA-6846-474F-92C9-AA329F066697}" = LeapFrog MyOwnLeaptop Plugin
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Activate Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DE626616-D7C4-4F00-7E0B-EAF26FA65749}" = muvee Reveal
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F89348B7-A917-40C5-8713-8368F5CDBA56}" = Plex Media Server
"{F9D1B35B-60DD-44F9-8FAF-29CD7CBD4BF3}" = LeapFrog Connect
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced SystemCare 5_is1" = Advanced SystemCare 5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"DMX5_is1" = DriverMax 6
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Flashpoint Resistance" = Flashpoint Resistance uninstall
"Homepage Protection" = Homepage Protection
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LastPass" = LastPass (uninstall only)
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"LeaptopPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"MediaMonkey_is1" = MediaMonkey 4.0
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Operation Flashpoint" = Operation Flashpoint uninstall
"Picasa 3" = Picasa 3
"Smart Defrag 2_is1" = Smart Defrag 2
"TeamViewer 7" = TeamViewer 7
"The KMPlayer" = The KMPlayer (remove only)
"UPCShell" = LeapFrog Connect
"WildTangent hp Master Uninstall" = HP Games
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"CNET TechTracker" = CNET TechTracker
"Plex" = Plex
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2012 1:37:54 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1186232

Error - 7/20/2012 1:37:54 PM | Computer Name = Home-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1186232

Error - 7/20/2012 5:11:50 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/22/2012 7:56:09 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x000d6da0 Faulting process id: 0x12f0 Faulting application start time: 0x01cd6800d999ecfd
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: 39374371-d3f4-11e1-b775-00269e62e07c

Error - 7/22/2012 4:45:02 PM | Computer Name = Home-PC | Source = VSS | ID = 12305
Description =

Error - 7/22/2012 5:47:15 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/24/2012 10:06:13 AM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/25/2012 7:22:04 AM | Computer Name = Home-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 14.0.1.4577 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4b8 Start
Time: 01cd6a565b11f9b2 Termination Time: 48 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: f16de77a-d64a-11e1-ab1c-00269e62e07c

Error - 7/25/2012 12:20:06 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\innovative
solutions\drivermax\DPInst\ia64\dpinst.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/26/2012 7:26:52 AM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_11_3_300_265.exe, version:
11.3.300.265, time stamp: 0x4febd5ac Faulting module name: NPSWF32_11_3_300_265.dll,
version: 11.3.300.265, time stamp: 0x4febd798 Exception code: 0xc0000005 Fault offset:
0x001d1e33 Faulting process id: 0x1214 Faulting application start time: 0x01cd6b1fbb1fefb3
Faulting
application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe
Faulting
module path: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll Report
Id: cbfffae4-d714-11e1-ab1c-00269e62e07c

[ System Events ]
Error - 8/4/2012 9:50:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 9:50:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 9:50:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 9:50:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 9:50:58 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 9:51:17 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 10:13:45 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 8/4/2012 10:14:38 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 8/4/2012 10:14:38 AM | Computer Name = Home-PC | Source = DCOM | ID = 10005
Description =

Error - 8/4/2012 10:14:38 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068


< End of report >
  • 0

Advertisements


#2
Unclean2012

Unclean2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Also ran malwarebytes and it detected 4. banker, ransom, zeus, and trace.

HKCU\Software\sistemanet (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\jY01029E.lnk (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Users\Christensen\AppData\Local\Temp\deo0_sar.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen)

Could I be clean?


Thanks.
  • 0

#3
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Hi Unclean2012 and welcome at Geeks to Go!

I'm sorry for the delayed response. If you still need help, please follow the following instructions. :thumbsup:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes\{1FA0C8C7-9D37-47FE-BC29-5B1CC8329575}: "URL" = http://websearch.ask...65-46759754DF25
    IE - HKCU\..\SearchScopes\{69B38643-8C04-4B58-A328-1E9A27FDA35E}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=AA5ECCF0-89A5-4996-AABB-12EFAAF191EA&apn_ptnrs=TV&apn_sauid=4A53422D-E970-4454-8C65-46759754DF25&apn_dtid=YYYYYYYYUS&&q="
    [2012/04/30 17:43:56 | 000,002,580 | ---- | M] () -- C:\Users\Christensen\AppData\Roaming\Mozilla\Firefox\Profiles\wxeeqx1s.default\searchplugins\askcom.xml
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    [2012/06/14 16:22:45 | 027,602,676 | ---- | C] (PhedexbFileDescription) -- C:\ProgramData\jY01029E.lnk
    [2012/08/08 20:00:28 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
    [2012/08/04 09:19:56 | 004,503,728 | ---- | M] () -- C:\ProgramData\23lldnur.pad
    [2012/08/04 08:43:30 | 000,001,887 | ---- | M] () -- C:\Users\Christensen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
    [2012/04/27 15:48:40 | 000,000,000 | ---D | M] -- C:\Users\Christensen\AppData\Roaming\OpenCandy
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Ask.com
    C:\ProgramData\WeCareReminder
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#4
Unclean2012

Unclean2012

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the assistance. here is the report:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.14.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Christensen :: HOME-PC [administrator]

Protection: Enabled

8/14/2012 8:33:18 PM
mbam-log-2012-08-14 (20-33-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195215
Time elapsed: 4 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#5
Gammo

Gammo

    Trusted Helper

  • Malware Removal
  • 2,299 posts
Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP