Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need Help Removing PUM.Hijack.StartMenu

Started by pammywammyv , May 03 2013 02:44 PM

  • Please log in to reply

#1
pammywammyv
Posted 03 May 2013 - 02:44 PM

pammywammyv

    New Member

  • Member
  • Pip
  • 2 posts
Hello! I am requesting your help to remove PUM.Hijack.StartMenu found this afternoon while scanning with Malwarebytes in safe mode. I just recovered my computer early this morning, and after uninstalling some programs, restarting my computer, and logging in, it hung on the Welcome Screen. I tried to break the cycle by pushing CTRL+ALT+DELETE but ended up removing the plug from the back of it. I have had trouble installing Windows updates. I installed MSE this morning and later found a problem report in the Action Center about MpTelemetry. I ran Microsoft FixIt 2010 for MSE,restarted the computer, and reinstalled it. About an hour later, I found that same MpTelemtry in the Action Center and ran the FixIt again. I thought maybe this was happening because the updates needed to be installed, so I did so. Two hours later, update KB2538243 failed with code 643 and HRESULT: 0x80070BC9. In that research, I came across a post on the Microsoft Answer boards for those same exact errors. I followed the steps outlined in that post, which included running the FixIt again and also scanning with Malwarebytes in safe mode and with SUPERAntiSpyware normally. Malwarebytes found PUM.Hijack.StartMenu, quarantined it, and then deleted it, and I came straight here. Thank you, in advance, for your assistance.
  • 0

Advertisements

#2
pammywammyv
Posted 03 May 2013 - 02:47 PM

pammywammyv

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Sorry! I forgot to include my OTL logs. Here they are:

OTL logfile created on: 5/3/2013 4:11:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PAMMYV\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.65% Memory free
11.78 Gb Paging File | 10.28 Gb Available in Paging File | 87.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.21 Gb Total Space | 872.34 Gb Free Space | 94.80% Space Free | Partition Type: NTFS
Drive D: | 11.20 Gb Total Space | 1.38 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: PAMMYV-HP | User Name: PAMMYV | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/03 16:08:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PAMMYV\Desktop\OTL.exe
PRC - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2008/11/20 13:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/12/23 07:10:15 | 000,311,296 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/12/26 01:57:13 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/03 03:39:51 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/05/03 03:39:51 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/03 04:48:10 | 000,410,944 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2012/01/03 04:48:08 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/12/26 01:50:33 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/23 07:10:49 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/30 05:19:59 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/29 23:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/08/11 14:19:50 | 001,582,144 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{72124B7C-F4B3-4F0B-B979-D835A780FB34}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{72124B7C-F4B3-4F0B-B979-D835A780FB34}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{72124B7C-F4B3-4F0B-B979-D835A780FB34}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found



O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll File not found
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.128.23 205.152.37.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3F9C1C7-388B-44C9-8FE7-A14A596382A3}: DhcpNameServer = 205.152.128.23 205.152.37.23
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/03 18:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/05/03 16:08:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PAMMYV\Desktop\OTL.exe
[2013/05/03 15:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/03 15:02:56 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\SUPERAntiSpyware.com
[2013/05/03 15:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/05/03 15:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/05/03 15:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/05/03 14:18:24 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Malwarebytes
[2013/05/03 14:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/03 14:18:18 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/03 14:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/03 14:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/03 14:17:25 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\Programs
[2013/05/03 12:47:05 | 000,000,000 | ---D | C] -- C:\MATS
[2013/05/03 11:50:40 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\Documents\Registry Backups
[2013/05/03 11:39:36 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\ElevatedDiagnostics
[2013/05/03 11:20:36 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Roxio Log Files
[2013/05/03 11:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2013/05/03 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\NewspaperDirect
[2013/05/03 11:17:41 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\hpremote
[2013/05/03 11:15:45 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Adobe
[2013/05/03 11:15:45 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\Adobe
[2013/05/03 09:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/03 08:46:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/03 08:46:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/03 08:46:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/05/03 08:35:34 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\WindowsUpdate
[2013/05/03 04:10:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/05/03 04:06:59 | 000,000,000 | R--D | C] -- C:\Program Files\Online Services
[2013/05/03 04:06:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/05/03 04:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/05/03 04:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/05/03 04:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013/05/03 04:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TouchSmartData
[2013/05/03 04:03:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlayReady
[2013/05/03 04:03:33 | 000,000,000 | ---D | C] -- C:\Windows\PRIndex
[2013/05/03 04:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2013/05/03 04:02:06 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
[2013/05/03 04:02:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/03 04:02:03 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Online Services
[2013/05/03 04:01:44 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
[2013/05/03 04:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/05/03 04:01:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013/05/03 04:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2013/05/03 04:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2013/05/03 03:57:51 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
[2013/05/03 03:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/05/03 03:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2013/05/03 03:57:08 | 001,582,144 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\drivers\netr28x.sys
[2013/05/03 03:57:08 | 000,327,008 | ---- | C] (Ralink Technology, Inc.) -- C:\Windows\SysNative\RaCoInstx.dll
[2013/05/03 03:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink Driver
[2013/05/03 03:57:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/05/03 03:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Texas Instruments Inc
[2013/05/03 03:56:55 | 000,020,992 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/05/03 03:56:53 | 000,017,920 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/05/03 03:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/05/03 03:56:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/05/03 03:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/05/03 03:55:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2013/05/03 03:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013/05/03 03:55:22 | 000,000,000 | ---D | C] -- C:\Program Files\hp
[2013/05/03 03:55:07 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2013/05/03 03:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2013/05/03 03:51:29 | 006,341,632 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNGUI.exe
[2013/05/03 03:51:29 | 005,125,632 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNHP.dll
[2013/05/03 03:51:29 | 004,441,600 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll
[2013/05/03 03:51:29 | 001,819,136 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNC64.cpl
[2013/05/03 03:51:29 | 001,425,408 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray64.exe
[2013/05/03 03:51:29 | 001,070,592 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNX.dll
[2013/05/03 03:51:29 | 000,249,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\IDTNJ.exe
[2013/05/03 03:51:29 | 000,223,744 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\HPToneCtrls64.dll
[2013/05/03 03:51:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
[2013/05/03 03:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2013/05/03 03:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2013/05/03 03:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/05/03 03:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/05/03 03:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/05/03 03:51:20 | 000,000,000 | ---D | C] -- C:\Intel
[2013/05/03 03:50:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/05/03 03:48:12 | 000,565,352 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2013/05/03 03:48:01 | 001,987,072 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll
[2013/05/03 03:48:01 | 000,654,336 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll
[2013/05/03 03:48:01 | 000,535,040 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\drivers\stwrt64.sys
[2013/05/03 03:48:01 | 000,251,904 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\staco64.dll
[2013/05/03 03:48:01 | 000,220,512 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.DLL
[2013/05/03 03:48:01 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.DLL
[2013/05/03 03:48:01 | 000,078,176 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.DLL
[2013/05/03 03:48:01 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysWow64\sfcom.dll
[2013/05/03 03:29:40 | 000,000,000 | RH-D | C] -- C:\SYSTEM.SAV
[2013/05/03 01:32:02 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\WinBatch
[2013/05/03 01:08:37 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\hpqLog
[2013/05/03 00:52:07 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\PDFC
[2013/05/03 00:51:50 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/03 00:51:50 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Searches
[2013/05/03 00:51:50 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/03 00:51:50 | 000,000,000 | -H-D | C] -- C:\Users\PAMMYV\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/03 00:51:43 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Identities
[2013/05/03 00:51:41 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Contacts
[2013/05/03 00:51:40 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\VirtualStore
[2013/05/03 00:51:31 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Hewlett-Packard
[2013/05/03 00:47:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/05/03 00:47:56 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\RemEngine
[2013/05/03 00:47:54 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\Hewlett-Packard_Company
[2013/05/03 00:47:53 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/03 00:47:24 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\TouchSmartData
[2013/05/03 00:47:14 | 000,000,000 | --SD | C] -- C:\Users\PAMMYV\AppData\Roaming\Microsoft
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Videos
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Saved Games
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Pictures
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Music
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Links
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Favorites
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Downloads
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Documents
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\Desktop
[2013/05/03 00:47:14 | 000,000,000 | R--D | C] -- C:\Users\PAMMYV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\AppData\Local\Temporary Internet Files
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Templates
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Start Menu
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\SendTo
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Recent
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\PrintHood
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\NetHood
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Documents\My Videos
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Documents\My Pictures
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Documents\My Music
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\My Documents
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Local Settings
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\AppData\Local\History
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Cookies
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\Application Data
[2013/05/03 00:47:14 | 000,000,000 | -HSD | C] -- C:\Users\PAMMYV\AppData\Local\Application Data
[2013/05/03 00:47:14 | 000,000,000 | -H-D | C] -- C:\Users\PAMMYV\AppData
[2013/05/03 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\Temp
[2013/05/03 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\Microsoft
[2013/05/03 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Media Center Programs
[2013/05/03 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Roaming\Macromedia
[2013/05/03 00:47:14 | 000,000,000 | ---D | C] -- C:\Users\PAMMYV\AppData\Local\Hewlett-Packard
[2013/05/03 00:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics
[2013/05/03 00:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics

========== Files - Modified Within 30 Days ==========

[2013/05/03 16:10:47 | 000,000,226 | ---- | M] () -- C:\Users\PAMMYV\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2013/05/03 16:08:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PAMMYV\Desktop\OTL.exe
[2013/05/03 15:56:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/03 15:52:28 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 15:52:28 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/03 15:49:33 | 000,795,402 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/03 15:49:33 | 000,672,282 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/03 15:49:33 | 000,125,014 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/03 15:45:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/03 15:45:06 | 447,217,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/03 15:02:45 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/03 14:18:19 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/03 13:57:01 | 057,231,457 | ---- | M] () -- C:\Users\PAMMYV\Documents\WERF076.tmp.hdmp
[2013/05/03 13:57:01 | 001,215,467 | ---- | M] () -- C:\Users\PAMMYV\Documents\WERF7E6.tmp.mdmp
[2013/05/03 13:57:01 | 000,005,252 | ---- | M] () -- C:\Users\PAMMYV\Documents\Report.wer
[2013/05/03 13:56:39 | 006,451,051 | ---- | M] () -- C:\Users\PAMMYV\Documents\pending.xml
[2013/05/03 13:56:21 | 002,072,764 | ---- | M] () -- C:\Users\PAMMYV\Documents\Sessions.xml
[2013/05/03 13:37:18 | 001,041,376 | ---- | M] () -- C:\Users\PAMMYV\Documents\CbsPersist_20130503174551.cab
[2013/05/03 13:23:53 | 000,266,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/03 10:11:04 | 000,469,362 | ---- | M] () -- C:\Users\PAMMYV\Documents\CbsPersist_20130503141435.cab
[2013/05/03 10:10:12 | 000,788,782 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/03 08:47:05 | 000,572,248 | ---- | M] () -- C:\Users\PAMMYV\Documents\CbsPersist_20130503124950.cab
[2013/05/03 04:44:01 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/03 04:44:01 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/05/03 04:39:30 | 000,014,568 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/05/03 04:06:06 | 000,000,020 | ---- | M] () -- C:\Windows\πω¤
[2013/05/03 03:51:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/05/03 03:35:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/03 03:35:03 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/03 03:25:21 | 000,000,000 | RHS- | M] () -- C:\OS
[2013/05/03 03:20:09 | 000,000,000 | ---- | M] () -- C:\12NA1MRW608.restore
[2013/05/03 01:18:26 | 000,001,443 | ---- | M] () -- C:\Users\PAMMYV\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/03 00:47:37 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_p7-1236s_Y53316J_0U_Q4CE224015H_E12NA1MRW608_4A_I2ADA_SFoxconn_V1.00_B7.11_T120428_W73-1_L409_M6031_J1000_7Intel_86A7_93.30_#130503_N10EC8168;18145390_Z_G80860102_Ohp CDDVDW SH-216ALN_DHWP3000.MRK
[2013/05/03 00:47:37 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_p7-1236s_Y53316J_0U_Q4CE224015H_E12NA1MRW608_4A_I2ADA_SFoxconn_V1.00_B7.11_T120428_W73-1_L409_M6031_J1000_7Intel_86A7_93.30_#130503_N10EC8168;18145390_Z_G80860102_Ohp CDDVDW SH-216ALN_DHWP3000.MRK
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/05/03 16:10:47 | 000,000,226 | ---- | C] () -- C:\Users\PAMMYV\Desktop\Malware and Spyware Cleaning Guide - Geeks to Go Forums.url
[2013/05/03 15:56:05 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/03 15:02:45 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/05/03 14:18:19 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/03 14:06:31 | 057,231,457 | ---- | C] () -- C:\Users\PAMMYV\Documents\WERF076.tmp.hdmp
[2013/05/03 14:06:31 | 006,451,051 | ---- | C] () -- C:\Users\PAMMYV\Documents\pending.xml
[2013/05/03 14:06:31 | 002,072,764 | ---- | C] () -- C:\Users\PAMMYV\Documents\Sessions.xml
[2013/05/03 14:06:31 | 001,215,467 | ---- | C] () -- C:\Users\PAMMYV\Documents\WERF7E6.tmp.mdmp
[2013/05/03 14:06:31 | 001,041,376 | ---- | C] () -- C:\Users\PAMMYV\Documents\CbsPersist_20130503174551.cab
[2013/05/03 14:06:31 | 000,572,248 | ---- | C] () -- C:\Users\PAMMYV\Documents\CbsPersist_20130503124950.cab
[2013/05/03 14:06:31 | 000,469,362 | ---- | C] () -- C:\Users\PAMMYV\Documents\CbsPersist_20130503141435.cab
[2013/05/03 14:06:31 | 000,425,984 | ---- | C] () -- C:\Users\PAMMYV\Documents\SCM.EVM
[2013/05/03 14:06:31 | 000,005,252 | ---- | C] () -- C:\Users\PAMMYV\Documents\Report.wer
[2013/05/03 09:37:37 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/05/03 04:39:30 | 000,014,568 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/05/03 04:06:06 | 000,000,020 | ---- | C] () -- C:\Windows\πω¤
[2013/05/03 03:57:08 | 000,014,119 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat
[2013/05/03 03:54:30 | 000,015,476 | ---- | C] () -- C:\Windows\SysNative\HP_Logo.bmp
[2013/05/03 03:51:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/05/03 03:48:12 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2013/05/03 03:48:04 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2013/05/03 03:48:04 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2013/05/03 03:48:04 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2013/05/03 03:48:04 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2013/05/03 03:48:04 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2013/05/03 03:48:04 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2013/05/03 03:48:04 | 000,018,496 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2013/05/03 03:48:04 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2013/05/03 03:48:03 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2013/05/03 03:48:03 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013/05/03 03:48:03 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2013/05/03 03:48:03 | 000,261,196 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013/05/03 03:48:03 | 000,261,196 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2013/05/03 03:48:03 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2013/05/03 03:48:02 | 018,079,744 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2013/05/03 03:48:02 | 013,168,640 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2013/05/03 03:48:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2013/05/03 03:48:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2013/05/03 03:48:02 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2013/05/03 03:48:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2013/05/03 03:48:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/05/03 03:48:01 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2013/05/03 03:48:01 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2013/05/03 03:48:01 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2013/05/03 03:48:01 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2013/05/03 03:48:01 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2013/05/03 03:48:01 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2013/05/03 03:48:01 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2013/05/03 03:48:01 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2013/05/03 03:48:01 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2013/05/03 03:48:01 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2013/05/03 03:48:01 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2013/05/03 03:48:01 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2013/05/03 03:48:01 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2013/05/03 03:48:01 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2013/05/03 03:48:01 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2013/05/03 03:48:01 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2013/05/03 03:48:01 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2013/05/03 03:48:01 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2013/05/03 03:48:01 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2013/05/03 03:48:01 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2013/05/03 03:48:01 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2013/05/03 03:48:01 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2013/05/03 03:48:01 | 000,139,499 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2013/05/03 03:48:01 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2013/05/03 03:48:01 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2013/05/03 03:48:01 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2013/05/03 03:48:01 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2013/05/03 03:48:01 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2013/05/03 03:48:01 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2013/05/03 03:48:01 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2013/05/03 03:35:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/03 03:35:03 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/03 03:25:21 | 000,000,000 | RHS- | C] () -- C:\OS
[2013/05/03 03:20:09 | 000,000,000 | ---- | C] () -- C:\12NA1MRW608.restore
[2013/05/03 02:39:05 | 000,000,003 | R--- | C] () -- C:\cPCsuppDisc
[2013/05/03 02:28:27 | 000,587,583 | R--- | C] () -- C:\Disc1
[2013/05/03 01:18:26 | 000,001,443 | ---- | C] () -- C:\Users\PAMMYV\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/03 00:52:03 | 000,001,415 | ---- | C] () -- C:\Users\PAMMYV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/03 00:51:56 | 000,001,449 | ---- | C] () -- C:\Users\PAMMYV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/03 00:47:38 | 447,217,663 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/03 00:47:37 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_p7-1236s_Y53316J_0U_Q4CE224015H_E12NA1MRW608_4A_I2ADA_SFoxconn_V1.00_B7.11_T120428_W73-1_L409_M6031_J1000_7Intel_86A7_93.30_#130503_N10EC8168;18145390_Z_G80860102_Ohp CDDVDW SH-216ALN_DHWP3000.MRK
[2013/05/03 00:47:37 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_p7-1236s_Y53316J_0U_Q4CE224015H_E12NA1MRW608_4A_I2ADA_SFoxconn_V1.00_B7.11_T120428_W73-1_L409_M6031_J1000_7Intel_86A7_93.30_#130503_N10EC8168;18145390_Z_G80860102_Ohp CDDVDW SH-216ALN_DHWP3000.MRK
[2013/05/03 00:47:14 | 000,000,290 | ---- | C] () -- C:\Users\PAMMYV\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/03 00:47:14 | 000,000,272 | ---- | C] () -- C:\Users\PAMMYV\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/12/08 19:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/10/12 18:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/03 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\PAMMYV\AppData\Roaming\NewspaperDirect
[2013/05/03 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\PAMMYV\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 5/3/2013 4:11:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PAMMYV\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.65% Memory free
11.78 Gb Paging File | 10.28 Gb Available in Paging File | 87.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.21 Gb Total Space | 872.34 Gb Free Space | 94.80% Space Free | Partition Type: NTFS
Drive D: | 11.20 Gb Total Space | 1.38 Gb Free Space | 12.28% Space Free | Partition Type: NTFS

Computer Name: PAMMYV-HP | User Name: PAMMYV | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05AF6B7C-E3AC-4966-90DD-3B436801A612}" = rport=138 | protocol=17 | dir=out | app=system |
"{11B4C33E-7C2C-4687-AE75-3D4C86D86A09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1EF847B5-59FD-4751-AE6D-4E7B3C3F0831}" = lport=445 | protocol=6 | dir=in | app=system |
"{3603F6E5-78A4-4BDA-A8D2-967CD50EE590}" = rport=137 | protocol=17 | dir=out | app=system |
"{44F907BD-7A6C-40AC-8ADF-00AFC9E5584F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{60681B97-1598-41B0-AB16-A2A91E1A5D78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6304C950-C7FF-43E4-BF1C-DCCFEB576B0E}" = rport=139 | protocol=6 | dir=out | app=system |
"{64EDC16A-6A80-490F-B910-46368BEA7D77}" = lport=138 | protocol=17 | dir=in | app=system |
"{738CB416-7AC7-469B-B585-1E551D5BF9E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{784CA23D-42D7-46A1-8168-1869CCF9E496}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7A9090DF-A180-4200-9024-8FACF514A6C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{94992349-6935-431F-A54E-27D02F265A7C}" = lport=137 | protocol=17 | dir=in | app=system |
"{9D957CA5-C51C-4794-AB7E-14E982C05982}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACCC21E5-6597-443F-9612-621752E9A764}" = rport=445 | protocol=6 | dir=out | app=system |
"{D352DA80-7281-4227-90FD-44C4E65339EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9AD7EF4-2861-4E8B-B1A0-653073F33874}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DC64F6CC-789A-428A-87FE-C88631FBB1A7}" = lport=139 | protocol=6 | dir=in | app=system |
"{DEB35ED9-9A03-429E-A1EF-008E1CB6B506}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DF47F1B8-F551-460B-BD9F-69A62261D56F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F230C193-FD7A-4B2D-8663-054B6EFED304}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F8921B26-F520-4156-B14E-3D45DB16520C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1738FE54-6F2D-41BF-94F6-76F7E46DE51B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21050338-93EE-4FFB-875D-1230FB4FAB35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2AD5D8A9-6737-42E7-9ECF-77498C956FE2}" = protocol=1 | dir=in | [email protected],-28543 |
"{3304673F-7D31-4829-B925-1AF8541A84BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3BC13A37-E7B8-466A-84D8-F7DA8D02E757}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{43BB8DEA-0227-42E6-9662-0FBA76533569}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4524587E-5117-45B8-B6B4-FCBA279E24B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BD1D28E-FE4B-4557-B360-5C4285E606E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50FA0A06-060B-4F10-A8D8-08284A9071F2}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{5270A2F7-A03A-476A-ACCA-93E91EB20778}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72D6252A-6FE7-4747-AD0C-82C5B8087BD7}" = protocol=58 | dir=in | [email protected],-28545 |
"{77E9B685-9D55-49E6-9E56-776CDE5F2265}" = protocol=1 | dir=out | [email protected],-28544 |
"{8EBEE02E-28FC-4936-B745-AD4D4FEB87D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DF89075-2F2F-4259-9055-3DFE6890212A}" = protocol=58 | dir=out | [email protected],-28546 |
"{ABD461C9-7F90-496B-9857-FA756DF29FC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B834FEF9-377D-4F7A-8476-86136EABF59C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEAF5FD9-3490-4CEF-A6EE-E52BF1973111}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{D0F7914B-F440-4AF4-B17E-AAA5312E83E7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4B62BC6-2F2C-4470-AA45-7C7EA6A6372F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EF787CF9-A3FF-405E-97C6-6AD161D5F2E0}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\indivdrm.exe |
"{F1680766-1203-435A-93A7-28BB1D8BC166}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\roxionow\rnow.exe |
"{F55F241C-F7A0-426D-8243-C06B233E2843}" = protocol=6 | dir=out | app=system |
"{FF26496C-05CE-49F8-91AA-AE9BCBE1473A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}" = TI USB3 Host Driver
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{6A6F8D36-04BA-41E9-9004-1789BD545874}" = HP TouchSmart Background - Beats
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = 802.11n Wireless LAN Card
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"InstallShield_{355FBD67-5A4F-44DA-86A1-56EEC4C20EC0}" = TI USB 3.0 Host Controller Driver
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/3/2013 12:46:42 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:46:42 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:46:42 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:46:42 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:46:42 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:46:42 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:47:02 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:47:54 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 12:49:22 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 5/3/2013 1:06:15 AM | Computer Name = PAMMYV-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Hewlett-Packard Events ]
Error - 5/3/2013 12:49:21 AM | Computer Name = PAMMYV-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib

Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 6030 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

Error - 5/3/2013 12:49:21 AM | Computer Name = PAMMYV-HP | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164HPSFMsgr.exe at System.RuntimeTypeHandle.CreateInstance(RuntimeType
type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean
publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean
publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type
type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar()
StackTrace:
at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic)

at HPSA_Messenger.MessengerCom.TrayDeskBand.ShowTaskBar() Source: mscorlib Name:
HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 6030 Ram
Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)

[ System Events ]
Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:01:52 AM | Computer Name = PAMMYV-HP | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 5/3/2013 9:35:00 AM | Computer Name = PAMMYV-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 5/3/2013 9:35:00 AM | Computer Name = PAMMYV-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%854

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 5/3/2013 9:35:00 AM | Computer Name = PAMMYV-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%853

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240016 Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.


< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP